Closed Thread Icon

Topic awaiting preservation: Includes outside of web root (Page 1 of 1) Pages that link to <a href="http://ozoneasylum.com/backlink?for=26692" title="Pages that link to Topic awaiting preservation: Includes outside of web root (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Includes outside of web root <span class="small">(Page 1 of 1)</span>\

 
CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted posted 09-20-2005 20:51

is it OK to just include a page outside of the web root by doing:

code:
require ("/var/www/inc/my_sensitive_info.php")



I know I can do it this way, but is there maybe a better and more secure way to include info such as database connectivity info and the such.

Thanks in advance!

Later,

C:\

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 09-20-2005 22:27

why do you think this way is insecure?

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted posted 09-21-2005 00:22

just wondering is all.

Later,

C:\

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 09-21-2005 05:53

As long as you're using a hardcoded string this is as good as it gets. Once you start using variables is when things can get dicey.

Also a good practice is making sure your php.ini basedir setting is to /var/www/ helps.



.:[ Never resist a perfect moment ]:.

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted posted 09-21-2005 12:27

ok, so doing it that way is cool but say: require("$myInfo"); is not.

That's what I was wondering. Just where it starts to be not so good. I have just been wondering where it starts to be a little less secure.

Thanks!

Later,

C:\

« BackwardsOnwards »

Show Forum Drop Down Menu