File permissions on Shared hosts
-
08-07-2019 - |
Question
I've written a script which takes the summary of an order and stores in into an XML file, except the problem is that I don't want people to be able to open the XML file in their browser, obviously.
I'm hosted on a very dodgy shared server with limited abilities: no SSH, for starters.
Is there a place I can put this file so that PHP will still be able to read/write to it, but web browsers won't be able to get to it?
Ordinarily, I'd create a folder outside the document root and put it there, but I get a "Permission denied" message when I try that.
The folders which are there are:
- anon_ftp
- bin
- cert
- cgi-bin
- conf
- error_docs
- etc
- httpdocs
- httpsdocs
- pd
- private
- statistics
- subdomains
- web_users
PHP can't access the file when it's in the private
folder. Would this be possible using .htaccess?
Solution 2
I worked around it by putting the XML file in my httpdocs folder, but added a .htaccess file with this in it:
<Files ~ "myfile.xml">
Order allow,deny
Deny from all
</Files>
OTHER TIPS
You could create a directory containing a .htaccess
file that looks something like the following:
Deny from all
This will instruct Apache not to serve files from that directory; any attempts to access the directory or its contents will be met with a "403 Forbidden" response from the server.
Note: This depends upon the host not having removed Limit
from the list of options in their AllowOverride
directive; most shared hosts shouldn't have a reason to do this.
Couldn't you ask the shared-hosting provider to create an outside-web-root folder for you? I've certainly done this in the past.