Topic awaiting preservation: Includes outside of web root $Pages that link to <a href="https://ozoneasylum.com/backlink?for=26692" title="Pages that link to Topic awaiting preservation: Includes outside of web root" rel="nofollow" >Topic awaiting preservation: Includes outside of web root\$

Author	Thread
CPrompt Maniac (V) Inmate From: there...no..there..... Insane since: May 2001	posted 09-20-2005 20:51 is it OK to just include a page outside of the web root by doing: code: require ("/var/www/inc/my_sensitive_info.php") I know I can do it this way, but is there maybe a better and more secure way to include info such as database connectivity info and the such. Thanks in advance! Later, C:\
GRUMBLE Paranoid (IV) Mad Scientist From: Omicron Persei 8 Insane since: Oct 2000	posted 09-20-2005 22:27 why do you think this way is insecure?
CPrompt Maniac (V) Inmate From: there...no..there..... Insane since: May 2001	posted 09-21-2005 00:22 just wondering is all. Later, C:\
bitdamaged Maniac (V) Mad Scientist From: 100101010011 <-- right about here Insane since: Mar 2000	posted 09-21-2005 05:53 As long as you're using a hardcoded string this is as good as it gets. Once you start using variables is when things can get dicey. Also a good practice is making sure your php.ini basedir setting is to /var/www/ helps. .:[ Never resist a perfect moment ]:.
CPrompt Maniac (V) Inmate From: there...no..there..... Insane since: May 2001	posted 09-21-2005 12:27 ok, so doing it that way is cool but say: require("$myInfo"); is not. That's what I was wondering. Just where it starts to be not so good. I have just been wondering where it starts to be a little less secure. Thanks! Later, C:\

Topic awaiting preservation: Includes outside of web root\$

Author

Thread

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted 09-20-2005 20:51

is it OK to just include a page outside of the web root by doing:

code:

require ("/var/www/inc/my_sensitive_info.php")

I know I can do it this way, but is there maybe a better and more secure way to include info such as database connectivity info and the such.

Thanks in advance!

Later,

C:\

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted 09-20-2005 22:27

why do you think this way is insecure?

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted 09-21-2005 00:22

just wondering is all.

Later,

C:\

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 09-21-2005 05:53

As long as you're using a hardcoded string this is as good as it gets. Once you start using variables is when things can get dicey.

Also a good practice is making sure your php.ini basedir setting is to /var/www/ helps.

.:[ Never resist a perfect moment ]:.

CPrompt
Maniac (V) Inmate

From: there...no..there.....
Insane since: May 2001

posted 09-21-2005 12:27

ok, so doing it that way is cool but say: require("$myInfo"); is not.

That's what I was wondering. Just where it starts to be not so good. I have just been wondering where it starts to be a little less secure.

Thanks!

Later,

C:\

Maximum Security
OZONE
DHTML/Javascript
Server-Side Scripting - Oh my!
CSS - DOM - XHTML - XML - XSL - XSLT
Stupid Basic HTML
Visual Therapy
Photoshop
Photoshop Pong, Anyone?
*WARNING* BIG SIG APPROACHING
Photography
3D Modelling & Rendering
Multimedia/Animation
Print Graphics
Holding Pens
Philosophy and other Silliness
Outpatient Counseling
Site reviews!
Mad Scientists' Laboratory
Getting to know the Grail

Maximum Security

OZONE

DHTML/Javascript

Server-Side Scripting - Oh my!

CSS - DOM - XHTML - XML - XSL - XSLT

Stupid Basic HTML

Visual Therapy

Photoshop

Photoshop Pong, Anyone?

***WARNING*** BIG SIG APPROACHING

Photography

3D Modelling & Rendering