How can I restrict access to a data file?

phpnoob

I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.

The big problem is that anyone can point their web browser to
www.mywebsite.com/data/data.csv and see exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.

I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.

Thanks for any help.

Jan 9 '08 #1

Subscribe Reply

2558

Gordon

On Jan 9, 5:03 am, phpn...@tragic. pointyhats.com wrote:

I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.

The big problem is that anyone can point their web browser towww.mywebsite .com/data/data.csvand see exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.

I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.

Thanks for any help.

If it is possible to do so then store the file in a directory that
isn't visible to the web. For example, if when you look into the web
server's FTP site and your home directory contains a public_html
directory or similar from which web pages are served, save the file to
the level above the public_html directory.

If everything on your web server's machine is web accessible then
create a directory for your file to go in and protect it with
a .htaccess file that is set to deny from all.

If at all possible go for the first option as it is 100% foolproof,
whereas the latter might fail if a misconfiguratio n of the web server
occurs (like the host installs a new version of apache and forgets to
enable support for .htaccess files when they start it).

Jan 9 '08 #2

phpnoob

On Jan 9, 9:09 am, Gordon <gordon.mc...@n tlworld.comwrot e:

On Jan 9, 5:03 am, phpn...@tragic. pointyhats.com wrote:

I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.

The big problem is that anyone can point their web browser towww.mywebsite .com/data/data.csvandsee exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.

I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.

Thanks for any help.

If it is possible to do so then store the file in a directory that
isn't visible to the web. For example, if when you look into the web
server's FTP site and your home directory contains a public_html
directory or similar from which web pages are served, save the file to
the level above the public_html directory.

If everything on your web server's machine is web accessible then
create a directory for your file to go in and protect it with
a .htaccess file that is set to deny from all.

If at all possible go for the first option as it is 100% foolproof,
whereas the latter might fail if a misconfiguratio n of the web server
occurs (like the host installs a new version of apache and forgets to
enable support for .htaccess files when they start it).

Thank you for the replies. Part of the problem is that the web server
has set my HTML directory to "/../domainname.com" instead of "/../
domainname.com/public_html." I have sent a trouble ticket asking that
the HTML directory be changed to /public_html so that I have access to
the parent directories while the "public" only has access to the /
public_html files. These replies led the way. I think I am better
equipped to deal with this. Thanks again.

Jan 9 '08 #3

Similar topics

3123

Restrict Access Problem

by: Paul | last post by:

Hi all, at present I I've built a website which can be updated by admin and users. My problem, I've combined "log in" and "access levels" to restrict access to certain pages, using the built in "log in" and "user authentication, restrict access to page" features. But I find the after login I constantly get redirected from the restricted...

ASP / Active Server Pages

10344

Restrict user access to tables in MDE file

by: Jay McGrath | last post by:

Does anyone know if it is possible to prevent a user from accessing the tables in an MDE file? I can go to my start-up menu and limit access to various functions, etc. I could even disable the 'close' button on the forms. However, all a user has to do is hold the SHIFT key down while launching the MDE application to bypass the start-up...

Microsoft Access / VBA

6397

restrict

by: gc | last post by:

Hi, What is the purpose of the restrict keyword? gc

C / C++

2184

`restrict' qualifer

by: Vijay Kumar R Zanvar | last post by:

Greetings, Are the following inferences of mine correct? 1. #include <string.h> char *strcpy(char * restrict s1, const char * restrict s2); a. s1 != s2 b. That means,

C / C++

2665

restrict keyword from ISO C99?

by: tweak | last post by:

Can someone give me a short example as how to best use this keyword in your code? This is my understanding: by definition restrict sounds like it is suppose to restrict access to memory location(s) pointed to, so that only one declared pointer can store that address and access the data in those memory blocks, where I the data in those...

C / C++

2957

Restrict Access by Application

by: toddles666 | last post by:

Hi- Is there any way of restricting access to a database by application & account? For example, I only want the application APP1 to access the database using the USER1 account. I've tried to use the DB2 Governor to do this, but it seems it always allows the the first query to be processed before forcing the connection. Here is my db2gov...

DB2 Database

2487

'restrict' in plain English?

by: Me | last post by:

I'm trying to wrap my head around the wording but from what I think the standard says: 1. it's impossible to swap a restrict pointer with another pointer, i.e. int a = 1, b = 2; int * restrict ap = &a; int * restrict bp = &b;

C / C++

2625

Trying to understand "restrict"

by: Frederick Gotham | last post by:

I'm going to be using an acronym a lot in this post: IINM = If I'm not mistaken Let's say we've got translation units which are going to be compiled to object files, and that these object files will be supplied to people to link with their own projects. Here's a sample function in one of the object files: void Func(int const *const p) {

C / C++

2367

Using C99 "restrict" with newly allocated and initialized arrays/structures

by: rainy6144 | last post by:

Does the following code have defined behavior? double *new_array(unsigned n) { double *p = malloc(n * sizeof(double)); unsigned i; for (i = 0; i < n; i++) p = 0.0; return p; }

C / C++

7915

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...

General

7843

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...

Windows Server

8205

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...

C / C++

8339

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...

Online Marketing

7967

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...

Windows Server

8220

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...

General

6619

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...

Career Advice

3840

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...

Networking - Hardware / Configuration

2347

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp