473,387 Members | 1,588 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,387 software developers and data experts.

How can I restrict access to a data file?

I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.

The big problem is that anyone can point their web browser to
www.mywebsite.com/data/data.csv and see exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.

I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.

Thanks for any help.
Jan 9 '08 #1
2 2542
On Jan 9, 5:03 am, phpn...@tragic.pointyhats.com wrote:
I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.

The big problem is that anyone can point their web browser towww.mywebsite.com/data/data.csvand see exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.

I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.

Thanks for any help.
If it is possible to do so then store the file in a directory that
isn't visible to the web. For example, if when you look into the web
server's FTP site and your home directory contains a public_html
directory or similar from which web pages are served, save the file to
the level above the public_html directory.

If everything on your web server's machine is web accessible then
create a directory for your file to go in and protect it with
a .htaccess file that is set to deny from all.

If at all possible go for the first option as it is 100% foolproof,
whereas the latter might fail if a misconfiguration of the web server
occurs (like the host installs a new version of apache and forgets to
enable support for .htaccess files when they start it).
Jan 9 '08 #2
On Jan 9, 9:09 am, Gordon <gordon.mc...@ntlworld.comwrote:
On Jan 9, 5:03 am, phpn...@tragic.pointyhats.com wrote:
I have a php script that processes a form and then posts the user
input to a data file on the server in a comma delimited format. For
simplicity call the file "data.csv." The script is working well and
the data is posted correctly to the data file.
The big problem is that anyone can point their web browser towww.mywebsite.com/data/data.csvandsee exactly what is contained in
the data file. Obviously, I want the data in that file to be hidden
to everyone in the world but me. I have to give sufficient
permissions to the php script to save the user data from the form to
data.csv, but I don't want the world to be able to see the data in
that file.
I have read and read some more with no luck. I do not run my own
server and am just using a hosting site. I have been working with the
file permissions, but every time I restrict access to data.csv the
script fails to write to the file because the permissions are
incorrect. Very frustrating.
Thanks for any help.

If it is possible to do so then store the file in a directory that
isn't visible to the web. For example, if when you look into the web
server's FTP site and your home directory contains a public_html
directory or similar from which web pages are served, save the file to
the level above the public_html directory.

If everything on your web server's machine is web accessible then
create a directory for your file to go in and protect it with
a .htaccess file that is set to deny from all.

If at all possible go for the first option as it is 100% foolproof,
whereas the latter might fail if a misconfiguration of the web server
occurs (like the host installs a new version of apache and forgets to
enable support for .htaccess files when they start it).
Thank you for the replies. Part of the problem is that the web server
has set my HTML directory to "/../domainname.com" instead of "/../
domainname.com/public_html." I have sent a trouble ticket asking that
the HTML directory be changed to /public_html so that I have access to
the parent directories while the "public" only has access to the /
public_html files. These replies led the way. I think I am better
equipped to deal with this. Thanks again.
Jan 9 '08 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Paul | last post by:
Hi all, at present I I've built a website which can be updated by admin and users. My problem, I've combined "log in" and "access levels" to restrict access to certain pages, using the built...
5
by: Jay McGrath | last post by:
Does anyone know if it is possible to prevent a user from accessing the tables in an MDE file? I can go to my start-up menu and limit access to various functions, etc. I could even disable the...
28
by: gc | last post by:
Hi, What is the purpose of the restrict keyword? gc
4
by: Vijay Kumar R Zanvar | last post by:
Greetings, Are the following inferences of mine correct? 1. #include <string.h> char *strcpy(char * restrict s1, const char * restrict s2); a. s1 != s2 b. That means,
7
by: tweak | last post by:
Can someone give me a short example as how to best use this keyword in your code? This is my understanding: by definition restrict sounds like it is suppose to restrict access to memory...
5
by: toddles666 | last post by:
Hi- Is there any way of restricting access to a database by application & account? For example, I only want the application APP1 to access the database using the USER1 account. I've tried to...
12
by: Me | last post by:
I'm trying to wrap my head around the wording but from what I think the standard says: 1. it's impossible to swap a restrict pointer with another pointer, i.e. int a = 1, b = 2; int *...
2
by: Frederick Gotham | last post by:
I'm going to be using an acronym a lot in this post: IINM = If I'm not mistaken Let's say we've got translation units which are going to be compiled to object files, and that these object...
6
by: rainy6144 | last post by:
Does the following code have defined behavior? double *new_array(unsigned n) { double *p = malloc(n * sizeof(double)); unsigned i; for (i = 0; i < n; i++) p = 0.0; return p; }
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.