Re: status on Homepage

Armin Horner wrote:
Kim André Akerø schrieb:

First of all, make sure the status.txt file is in a directory that's
inaccessible from the web (ie. only accessible via your scripts),
preferably one step below the webroot, although not required.
.. it is, ok.


On all my PHP projects, I create a seperate directory called "inc" in
the webroot (or the root directory of my project). If Apache is used, I
place a .htaccess file containing the keyword "deny from all" in it.
.. i'll use htaccess

Or, if IIS is used (which has happened on a rare occasion), I make sure
all outside access is denied for this directory from the IIS manager.
That way, I protect my code (as well as the base configuration) from
being exposed and/or accessed directly.

Second, make sure your changestatus.php script ONLY reacts to the "on"
or "off" keywords. Or any other keyword you'd like to use instead (such
as "open" or "closed").

Further, to avoid someone outside your organization from setting the
status (such as opening the URL and making it look like you're closed
when you're open for business or vice-versa), you should place this
script under some sort of password protection (either via your CMS or
via a simple basic authentication method).


i'll protect it with a weird name and keywords so nobody switches on and off.

thanks for help
(.. been a long time ago since i last used php so this is very helpful)

Armin


Armin,

Don't. Obfustication is not security! It's only the illusion of security.

Follow the suggestions others gave you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
=================
.

Relevant Pages

  • Re: status on Homepage
    ... preferably one step below the webroot, ... place a .htaccess file containing the keyword "deny from all" in it. ... make sure your changestatus.php script ONLY reacts to the "on" ... i'll protect it with a weird name and keywords so nobody switches on and off. ...
    (comp.lang.php)
  • Re: File Encryption
    ... You could do IPSec to protect the channel, ... > script sent along as clear text if I can avoid it. ... >>> of all workstations with some encrypted file. ... >> certificates for the users for use with EFS, ...
    (microsoft.public.sms.admin)
  • Re: Im being hacked regularly
    ... Now the problem is that hackers don't only put my website regularly offline ... The site of the hacker tool had a PHP script that was used to get ... Now I protect against this kind of param by checking them and they can't ... IRC server directly from one of my scripts? ...
    (comp.lang.php)
  • Re: Attempt to execute script radon as a function
    ... radon.m starts with a the function keyword. ... Radon function which is a part of image processing toolbox. ... "Attempt to execute script radon as a function in line number..." ...
    (comp.soft-sys.matlab)
  • Re: password-protection
    ... > password-protected a website by including a password authentication script ... The script checks the login against the ... have used to protect HTML and other downloadable files (e.g., ... PHP script (which can reach into other directories besides the ...
    (comp.lang.php)