By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,346 Members | 2,331 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,346 IT Pros & Developers. It's quick & easy.

How can I restrict access to a data file?

P: n/a
I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.

The big problem is that anyone can point their web browser to
www.mywebsite.com/data/data.csv and see exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.

I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.

Thanks for any help.
Jan 9 '08 #1
Share this Question
Share on Google+
2 Replies


P: n/a
On Jan 9, 5:03 am, phpn...@tragic.pointyhats.com wrote:
I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.

The big problem is that anyone can point their web browser towww.mywebsite.com/data/data.csvand see exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.

I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.

Thanks for any help.
If it is possible to do so then store the file in a directory that
isn't visible to the web. For example, if when you look into the web
server's FTP site and your home directory contains a public_html
directory or similar from which web pages are served, save the file to
the level above the public_html directory.

If everything on your web server's machine is web accessible then
create a directory for your file to go in and protect it with
a .htaccess file that is set to deny from all.

If at all possible go for the first option as it is 100% foolproof,
whereas the latter might fail if a misconfiguration of the web server
occurs (like the host installs a new version of apache and forgets to
enable support for .htaccess files when they start it).
Jan 9 '08 #2

P: n/a
On Jan 9, 9:09 am, Gordon <gordon.mc...@ntlworld.comwrote:
On Jan 9, 5:03 am, phpn...@tragic.pointyhats.com wrote:
I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.
The big problem is that anyone can point their web browser towww.mywebsite.com/data/data.csvandsee exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.
I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.
Thanks for any help.

If it is possible to do so then store the file in a directory that
isn't visible to the web. For example, if when you look into the web
server's FTP site and your home directory contains a public_html
directory or similar from which web pages are served, save the file to
the level above the public_html directory.

If everything on your web server's machine is web accessible then
create a directory for your file to go in and protect it with
a .htaccess file that is set to deny from all.

If at all possible go for the first option as it is 100% foolproof,
whereas the latter might fail if a misconfiguration of the web server
occurs (like the host installs a new version of apache and forgets to
enable support for .htaccess files when they start it).
Thank you for the replies. Part of the problem is that the web server
has set my HTML directory to "/../domainname.com" instead of "/../
domainname.com/public_html." I have sent a trouble ticket asking that
the HTML directory be changed to /public_html so that I have access to
the parent directories while the "public" only has access to the /
public_html files. These replies led the way. I think I am better
equipped to deal with this. Thanks again.
Jan 9 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.