Where should I place sensitive files so that they are read-able by PHP scripts?

Question

I am on a Parallels/Plesk VPS host, and this is a really newbie question.

The webroot is at:

/var/www/vhosts/my-domain-name/httpdocs

There is also a path called:

/var/www/vhosts/my-domain-name/private/

But PHP scripts can't seem to read files in there.

From my understanding any file placed within the webroot, is in danger of being served to the public if requested by its web-path/filename. I am vaguely aware of the use of .htaccess files to tell Apache not to serve certain files/dirs.

But can (or should) I place my sensitive file somewhere outside of the webroot, while still allowing it to be read by PHP scripts?

Thank you!

Here were my errors when trying to read a file within the "private" folder above:

Warning: file() [function.file]: open_basedir restriction in effect. File(../../private/test.txt) is not within the allowed path(s): (/var/www/vhosts/blah.com/httpdocs:/tmp) in /var/www/vhosts/blah.com/httpdocs/misc/testscript.php on line 8

Warning: file(../../private/test-dt.txt) [function.file]: failed to open stream: Operation not permitted in /var/www/vhosts/blah.com/httpdocs/misc/testscript.php on line 8

UPDATE: SOLVED

Picto at reddit/r/PHPHelp gave me what I needed, and it is specific to Plesk systems. I had to write a file called vhost.conf placed in the conf folder which exists at the same level as httpdocs. And in the vhost.conf, I used:

<Directory /var/www/vhosts/my-domain-name/httpdocs>
php_admin_value open_basedir /var/www/vhosts/my-domain-name/httpdocs:/tmp:/var/www/vhosts/my-domain-name/myfolder
</Directory>

So I now place my sensitive files in "myfolder", which is outside of the webroot (httpdocs). After this, to make these settings take effect, (restarting Apache doesn't work) there are some Plesk specific commands to give, see: http://www.gadberry.com/aaron/2006/02/09/plesk_vhost/

Answer 1

It's a good practice store sensitive data outside apache document root.

You need to allow PHP to access these folders adding or modifying the Virtual Host configuration.

Look for php_value open_basedir

and add your folders separated by a colon (:)

More info at open_basedir

Note: there is a few security issues with open_basedir, explained in

http://www.hardened-php.net/advisory_012004.42.html

EDIT:

I use this tree structure for each domain:

domain/            www-data permisions
├── etc            r-x
├── log            rwx
├── phpCache       rwx
├── phpFiler       rwx
├── phpInclude     r-x
├── phpLogs        rwx
├── phpSession     rwx
├── phpTmp         rwx
├── phpTrash       rwx
├── privat         --- 
├── www443         r-x
└── www80          r-x

etc: for application configuration files.

log: for Apache or nginx log files

phpCache: for Zend_Cache files

phpFiler: for app's files, a PHP script serves it if the user has privileges.

phpInclude: php_value include_path

phpLogs: for application logs

phpSessions: for store this virtual host data sessions.

phpTmp: for temporal files, like uploaded.

phpTrash: a trash for phpFiler.

privat: for my private pourposes

www443: for https document root

www80: for http document root

In open_basedir clausule I put all folders except log and privat.

Answer 2

This means, that the so-called safe-mode is in affect, which does not allow any opening of file and directories outside a given directory (e.g. your specific webroot). This is very common on shared hosters and if you do not have access to the php.ini, you are out of luck and cannot access your files in ../private.

To access protected files, add a directory below your usual httpdocs-directory (e.g. private) and add a .htaccess-file inside with the content

order allow
deny deny from all

This will prevent anyone accessing the files without going through your php-script.

On a last note: if your php-file has been right under the httpdocs-directory, your script needs to point to ../private/test-dt.txt and not to ../../private/test-dt.txt.