473,325 Members | 2,308 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

Protect files (on web server) from web admin

Hi guys.

I’m still occupied with school, however, I can’t quite help thinking about a part of my project that I’m very curious about.

I want to protect files and folders on the web server, so that no one can access the files through the web server OS (using e.g. windows explorer to see, open and edit the html or php files).

I want to clarify: I do not want to “hide” the html source file, or any other file that otherwise is accessible through a web browser (e.g. javascript).

The main idea is to make sure that the only way you have access to the files would be through a web browser.
E.g. let’s say that the web site contains html and php files. The html files are accessible as usual (http://server/file.html) and the php code is run as usual (action=”form.php”), but only if you access them through the URI adress (i.e. through Apache).
In other words I want to restrict access (not privileges like create/delete etc.) to the files and folders on the server from the server holder (and basically myself).

There are three ways I can think of doing this:
1) Using password protected zip files (I know that PHP support this). This is the most favourable solution.

2) Encrypting the files (with PHP). This method would still leave the folders open (If not possible to encrypt the entire site directory structure to one big file?)

3) Using some form of folder lock program, making sure that privileges like create/delete are restricted for the server owner (although this is somewhat unrelated to PHP).


I need some expert opinions and suggestions.

Oh, this is my second post (... kind of), so play nice.

PS. I know that this is more of a general web site question (no forums that quite match up? ----- perhaps it should have been put in the Apache forum?), however I can currently only think about PHP solutions to this problem and for that reason posted in this forum.
Nov 7 '07 #1
3 4812
Atli
5,058 Expert 4TB
Hi.

There is no way to hide files and folders from the root user on a Linux machine (the favorite platform for Apache server) and I think the same applies to Windows and Mac. The root or Administrative user has access to all parts of the system without limitations.

It is however possible to encrypt the files using 3rd party tools so that the root user can't use the files. That is to say; root has full access to the files but is unable to use them. This of course does not protect the file from being deleted or altered in some way.
This could be accomplished by adding the files to a password protected ZIP file, like you mentioned.
Nov 7 '07 #2
Hi Atli, thanks for your reply!

It is however possible to encrypt the files using 3rd party tools so that the root user can't use the files. That is to say; root has full access to the files but is unable to use them. This of course does not protect the file from being deleted or altered in some way.
I suppose, in a nutshell, that this is what I'm trying to do.

I would guess that using ZIP to achieve whatever I am trying to achieve would perhaps be the best way to achieve it, no? Anyway, I will start with it. There are several question surrounding the use of ZIP to do this. I will however start a new thread for those questions (it would be more relevant to PHP and ZIP); Security questions regarding password protected ZIP files.

In the mean while: if anyone else have any different ideas, recommendations and suggestions, please, you’re welcome to share them.
Nov 8 '07 #3
i have same problem my php web site has folder that have some video files but that file can download in web browser i what to restrict that download and only login user can download video files how can i do this?
Jun 11 '10 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

2
by: travelling_nerd | last post by:
Folks: I have some zip files I'd like to serve to authenticated users on my site, but would like to prevent unauthorized users from using an absolute path to get to these zip files. For example...
1
by: Tom I | last post by:
I am interested if anyone can point me to "best practices" regarding the level of administrative authority a SQL Server database administrator should have. Alternatively, I'd be interested hearing...
3
by: Parham | last post by:
Hello, How to protect structures(Tables,SP,Views and Functions) of a SQL Server Database?(Password protect a database file) I have a SQL database that will distribute with my application, I want...
4
by: Ray Stevens | last post by:
How do you protect files (such as .PDF) in a hosted (Interland) environment when you have no access to IIS?
2
by: Gary | last post by:
How do you administer ASP.NET on the IIS server. I'm using XP Pro. I need to update ASP.NET on the server from 1.0 to 1.1. Thanks, Gary
4
by: Siv Hansen | last post by:
I'm currently working with a server with error reporting level 0, which is good if this was purely a production server. It's not. I have fourty students trying to learn php programming on this...
1
JamieHowarth0
by: JamieHowarth0 | last post by:
Hi folks, As a mod in the ASP Forum I'm fairly proficient in server administration stuff. I've taken the initiative of getting a virtual dedicated server with GoDaddy (whom I believe are fairly...
0
by: peter | last post by:
Hi, Here is an urgent requirement with one of our direct customer for Sr.Windows Server Administrator.Client is an Financial Services company looking for Senior Consultants for this position....
9
luckysanj
by: luckysanj | last post by:
I am developing the free e-book sites.so i I want to know how to prevent the subfolders from websites. Means, when we open the home page like www.best4knowledge.com then it first open index page...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.