Password protect a CSV file
https://stackoverflow.com/questions/3738874
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am using a csv file to authenticate user login. Is it possible to password protect the CSV file? I do not want anybody to be able to download the csv file through url. I googled and I found out that it is not possible to password protect a csv file. Is there any other way I can password protect the file?
Solution
the short answer is no: CSV is a plain text format, it's not Excel.
the long answer is: you should never put security relevant information into a folder which is accessible via the webserver. move the file into a folder you can access from PHP but which is outside of your document root in Apache
OTHER TIPS
Compress it in a ZIP file using encryption. You'll have to decompress/unencrypt it each time you want to read from it, however.
See Powerarchiver, winrar, or other compression utilities for more information.
If using Apache, use a .htaccess file to deny access to that file. Better still, store the file somewhere above the webroot. For example, if your webserver is located at /home/username/htdocs/, you could store the file at /home/username/data/logins.csv.
If you're worried about someone downloading the file, put it someplace that isn't downloadable. Your webserver will only return files from a specific set of directories. If your CSV file is not in one of them, nobody will be able to download it.
