Menu
I have a .ini file with sensitive information in my php wab app. I denied access to it using a .htaccess file:
<files my.ini>
order deny,allow
deny from all
</files>
I don't have access to folders outside of htdocs, so I can't move the .ini file out of browsable territory.
Is my solution safe?
295
htaccess and . htpasswd files are protected from all external access. This is super important because you do not want anyone or anything to access these sensitive and powerful files. If you are unsure, or just want to be extra secure, continue reading to learn how to protect all of your .
You just need to add a few commands to . htaccess to make it happen. For example, deny from all is a command that will allow you to apply access restrictions to your site.
The .htaccess will block access from the web. However, if you're using a shared hosting environment, it might be possible for other users to access your ini. If its on a (virtual private) server and you're the only user for that server you're safe.
In case of shared hosting it depends on server configuration. For more info read: PHP Security in a shared hosting environment
You can temporarily install PHPShell and browse through the server filesystem to check if your server is vulnerable. (requires some commandline knowledge)
68
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
