I’m still occupied with school, however, I can’t quite help thinking about a part of my project that I’m very curious about.
I want to protect files and folders on the web server, so that no one can access the files through the web server OS (using e.g. windows explorer to see, open and edit the html or php files).
I want to clarify: I do not want to “hide” the html source file, or any other file that otherwise is accessible through a web browser (e.g. javascript).
The main idea is to make sure that the only way you have access to the files would be through a web browser.
E.g. let’s say that the web site contains html and php files. The html files are accessible as usual (http://server/file.html) and the php code is run as usual (action=”form.php”), but only if you access them through the URI adress (i.e. through Apache).In other words I want to restrict access (not privileges like create/delete etc.) to the files and folders on the server from the server holder (and basically myself).
There are three ways I can think of doing this:
1) Using password protected zip files (I know that PHP support this). This is the most favourable solution.
2) Encrypting the files (with PHP). This method would still leave the folders open (If not possible to encrypt the entire site directory structure to one big file?)
3) Using some form of folder lock program, making sure that privileges like create/delete are restricted for the server owner (although this is somewhat unrelated to PHP).
I need some expert opinions and suggestions.
Oh, this is my second post (... kind of), so play nice.
PS. I know that this is more of a general web site question (no forums that quite match up? ----- perhaps it should have been put in the Apache forum?), however I can currently only think about PHP solutions to this problem and for that reason posted in this forum.