linux - How secure is storing sensitive information in a .PHP file on an Apache server? -

-


linux - How secure is storing sensitive information in a .PHP file on an Apache server? -

i making easy-to-setup, no-database php website stores info instead in text files.

the setup linux/apache/php server.

up info has been non-sensitive, store in: ../data/system.txt theoretically type (url)/data/system.txt in browser , see info file in plain text, didn't matter now.

but want store passwords various groups can log in , see different information. these sites "low interest" , "low profile" sites , if bored plenty hack site , sees information, it's not end of world, want provide modicum of technical hurdles site can have individual , grouping access rights while retaining ease of creating e.g. 50 of these sites without having set , maintain 50 databases.

my question is, best way protect these text files on apache?

i can think of following:

1) alter "../data" directory random directory name, e.g. "../data928374928374" kind of obfuscating measure

2) alter .txt file .php , protect text php code this:

<?php echo 'access denied'; die; /* ...store info here... */ ?>

3) set .htaccess file in /data directory protect files .txt , other endings:

<filesmatch "\.(sqlite|xml|txt|csv|php)$"> deny </filesmatch>

here thoughts on these:

1) imagine there ways find out names of hidden directories on servers this, true?

2) awkward have text file named .php , have php code in them since want non-tech people able edit text files , drop them as-is in info directory , have them work, without having "edify them technical code". not mention messes syntax-coloring in editors.

3) will .htaccess file work on servers> e.g. if re-create website apache server, guaranteed files protected, or there other settings can turn off effect of .htaccess files on apache servers?

this require bruteforce check yeah. true, complicates things non-tech people. plus i'd imagine might not want. .htaccess rules work apache server directory allowed utilize htaccess rules (and allows overriding of parameters, if required). note on configuration file might not called .htaccess else.

you utilize sqlite or similar not require database server.

another thought have construction like

/app /public_html /data

and have public_html contain website exposed outside world , /data not accessible (only scripts).

in /app folder can create htaccess rule redirect requiests punlic_html folder not visible outside user (it's possible behind scenes). , if both folders copies on including .htaccess file, should plenty one-step deployment

php linux security apache

Comments

Post a Comment

Popular posts from this blog

java - How to set log4j.defaultInitOverride property to false in jboss server 6 -

-
java - How to set log4j.defaultInitOverride property to false in jboss server 6 - how set log4j property false in jboss. not using log4j in application still property has set true. the reason, why trying set property false is, suspecting property overrides java.util.logging.logger configuration provided application. might because of this, log file not getting generated. boot.log infomation below: 02:46:10,495 debug [serverinfo] log4j.defaultinitoverride: true 02:46:10,496 debug [serverinfo] org.jboss.deployers.spi.deployer.matchers.nameignoremechanism: org.jboss.deployers.spi.deployer.helpers.dummynameignoremechanism 02:46:10,496 debug [serverinfo] org.jboss.logging.logger.pluginclass: org.jboss.logging.logmanager.loggerpluginimpl i have found in boot.log in jboss. in 1 of blog, developers told me that, log4j.defaultinitoverride property should set false avoid override of java.util.logging.logger. comment same if wrong. java logging jboss log4j
Read more

c - GStreamer 1.0 1.4.5 RTSP Example Server sends 503 Service unavailable -

-
c - GStreamer 1.0 1.4.5 RTSP Example Server sends 503 Service unavailable - i'm trying create rtsp server based on gstreamer 1.0 1.4.5 plugin. source code of illustration taken here. with_tls , with_auth flags not enabled. i'm compiling using visual studio 2013 community edition. project building , running successfully. when i'm trying play video using vlc on address rtsp://127.0.0.1:8554/test says can't open mrl. recorded traffic (using rawcap) of communication between compiled server , vlc player following: request: options rtsp://127.0.0.1:8554/test rtsp/1.0 cseq: 2 user-agent: libvlc/2.2.0 (live555 streaming media v2014.07.25) response: rtsp/1.0 200 ok cseq: 2 public: options, describe, get_parameter, pause, play, setup, set_parameter, teardown server: gstreamer rtsp server date: thu, 09 apr 2015 03:35:30 gmt request: describe rtsp://127.0.0.1:8554/test rtsp/1.0 cseq: 3 user-agent: libvlc/2.2.0 (live555 streaming media v2014.07.25) accept: applicat...
Read more

Using ajax with sonata admin list view pagination -

-
Using ajax with sonata admin list view pagination - i'm using sonata admin in project. in list view sonata refresh page when clik sec list pagination. that's default behavior of sonata.is there way utilize ajax phone call list view pagination !!! same question when using sortable list view. thanks. this possible, have overwrite of basic functionality of sonata admin bundle. tested symfony 2.6.6 sonata admin-bundle dev-master (4f23e1a30e49681bf8ebdbbae549848784be7699) 1. edit bundles services.yml you have implement own crudcontroller , new list template. tell in services.yml sonata.admin.youradmin: class: your\bundle\admin\youradmin tags: - { name: sonata.admin, manager_type: orm, group: "groupname", label: "grouplabel" } arguments: - ~ - your\bundle\entity\entityclass - yourbundle:yournewcrud # <- add together crud class here calls: ...
Read more