Results 1 to 3 of 3

Thread: PHP and Website security? (Admin Help please)

  1. #1
    Join Date
    Jan 2005
    Posts
    27

    Default PHP and Website security? (Admin Help please)

    Hi,

    I have a question/concern about data security using bizhat.com.

    Usually using php website (like phpBB2 forum), it is a safe practice to put the username/password information in a folder which is accessible just for the php not the web!

    For example: if phpBB2 save the username/password data in an "index" folder, it is safer to put the folder the way that the Internet users cannot point it directly. Imagine this; the Linux web space provides WWW folder and what is located under it to the web server, so put the username/password folder not under WWW folder. Then in the phpBB2 config file point to the right username/password folder. (Let's say ../../index/ if phpBB2 is located at /WWW/phpBB/ and the index folder is located at /index/)

    The problem is here! Bizhat.com does not provide such a space that the user can upload the username/password files there and is not accessible by Web server. After FTP login, the root folder <...>.bizhat.com is the root of web space and user cannot put the data on the top of that! It raises a security issue as long as hackers can point to that folder and download the username/password files.

    Please advice.

    Regards,
    Kiavash

  2. #2
    Join Date
    Jan 2005
    Posts
    117

    Default

    But it saves the passwords in MySQL. :D

  3. #3
    Join Date
    Jan 2005
    Posts
    117

    Default

    And most FTP clients like SmartFTP allow u to CHMOD the file's permission, so u've got nothin to worry about! :D

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •