I find it difficult to form my question properly, so apologies in advance.
I'm currently building a small web app where users can sign up, log in and upload pictures. These pictures are stored in different directories. I want to be able to lock these directories, so people cannot simply view the entire directory (because it features a picture contest and submissions should remain secret). But I also want the contents to be viewable. I intend to create long filenames within the directory automatically to keep them "safe".
Any thoughts?
Thanks in advance,
Lenny
To disable directory browsing of your files, the simplest way is to add a line to an .htaccess file (if you're using Apache) in a common directory:
Options -Indexes
Source
Alternatively you can add this also to a <Directory> or <Location> section of a vhost entry, but would apply to the entire vhost rather than just a given directory tree.
Related
Is it possible to deny access to files and folders within the web root without using .htaccess or file permissions? A universal solution that works with all servers?
This relates to a flat-file framework I'm making with PHP where the requirement is basically "drag the project folder in the web root to launch the site." The other goal is for there to be a front-end interface where the client can log in and edit content.
I deal a lot with shared hosting accounts where I can't always change the web root. Additionally, I don't necessarily want to rely on developers manually setting file permissions. The reason why I don't want to use .htaccess is that, one, it relies on the host being an Apache server, and, two, it relies on specific Apache settings.
EDIT: specificity
This was answered here with a couple of really great answers you'll probably find useful:
Prevent access to files from Apache without .htaccess
The first suggests setting permissions to be inaccessible and CHMODDing them with PHP when you need to access them.
The second suggested you place them outside of your web root but keep them accessible by PHP (using include(), I would assume).
Either or should accomplish what you're hoping. (Wish I could comment stuff like this.)
Here is my (probably very silly) newbie method of working on projects.
I have a directory C:\websites\ and I keep separate folders for all my sites in there.
Whenever I want to work on one of those sites, I copy and paste the files for that site from it's directory within C:\websites\ - for example:
C:\websites\website_one\*.* (just the files, not the directory) - and put those files straight in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\ - then open those files in notepad++.
It is extremely annoying to have to move the website I no longer want to work on for that day back to C:\websites\, and to move a different website into htdocs\ every time I want to work on a different website.
Could anyone help me with the standard way of structuring the directories of your local development sites?
I want to be able to access/work on my different projects more easily, and also be able to upload any of them for online testing and not have to change any links/includes because the directory structure doesn't match.
Locally, should I just replicate the web hosts directory structure in htdocs? For example:
htdocs\public_html\website_one
htdocs\public_html\website_two
Or something similar?
Thanks for any insight into this.
Since you work with Apache anyways, why not work with sub domains or url rewrites?
Heres a link to set up sub domains.
http://www.sitepoint.com/forums/showthread.php?394472-Setting-up-Subdomains-on-Localhost-Apache
Each site can be in its own folder, do keep in mind that includes or links should be based on the root of the website, not the root of the webserver.
Please i'll like you to enlighten me how best (folder) to save uploaded user profile pictures. In my previous projects i've usually uploaded into a folder inside the main project folder i.e
www/projectFolder/upload
would this be good for efficiency and security?
Already, i've disabled folder navigation (from URL) through .htaccess
this question
upload file with php and save path to sql
prompted my question.
Thanks
Why you don't use database to save them? I guess this is the best choice.
Anyway, if you can't save them in DB for any reason & you have to save images in a directory on your filesystem, I guess it's better to save them somewhere out of your web server htdoc directory (& sub directories), so access to those files would not be possible directly via web server. of course you'll need enough permission to allow your php scripts to read, write & modify files in target directory.
Also suggest to take a look at usage of .htaccess files on apache.
I am developing a Joomla Component which will allow visitors to download a sound file (be it mp3, or wave, does not matter). Those files are managed in the admin interface and can be unpublished in there.
Therefore, it seems that placing them in the assets section is not an option, as it would make them accessible directly from the server. I want to avoid direct access and only serve them through my MVC structure (usnig RAW document type) after verifying that the requested file is published.
Are there any conventions on the placement of those files inside my component's directory structure?
My first idea is to create a folder inside the administrator/components/com_mycomponent and keep the files there. Do I need to restrict access to this new folder with a new .htaccess file, or is it already taken care of by Joomla with a global .htaccess?
you should place the files in the media directory. It is supported by the installer and is much better place. The logic is to have code in com_mycomponent for site and admin and both of those will share media (images/css/js), downloads, etc...
/media/com_mycomponent/
Restrictions are up to you.
Here is Joomla installation structure, http://docs.joomla.org/Components:xml_installfile
I have a Problem with PHP and SVN. See here...
Using FUSE would be one option, but after a first look, it seems very complicated.
Is there any option to prevent an NTFS filesystem, WIN2003Server, to hide directories completely from a useraccount (I can setup apache to run under this account).
It is not as easy as it seems, given the following restrictions:
It must be a pattern match, I do not know in advance which SVN folders will be created
I cant deny the access to the whole parent folder, the .SVN and the content lay side by side
Simply hiding does not work, PHP does not care for hidden flag
Any ideas (or comments)?
I'm afraid the answer is no: Permissions in NTSF do not allow hiding of folders.
Here is a list of all permissions you can grant/revoke in NTFS:
Full Control (includes everything from below)
Traverse Folder
List Folder
Read Attributes
Read Extended Attributes
Create Files
Create Folders
Write Attributes
Write Extended Attributes
Delete
Read Permissions
Change Permissions
Take Ownership
Ignoring single files/directories is what the hidden attribute is for. If the program (typo3, right?) ignores the flag, your best bet is to see if you can configure it to
handle it. (But that would be a new question on SO).