Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a .ini file with sensitive information in my php wab app. I denied access to it using a .htaccess file:
<files my.ini> order deny,allow deny from all </files> I don’t have access to folders outside of htdocs, so I can’t move the .ini file out of browsable territory.
Is my solution safe?
The .htaccess will block access from the web. However, if you’re using a shared hosting environment, it might be possible for other users to access your ini. If its on a (virtual private) server and you’re the only user for that server you’re safe.
In case of shared hosting it depends on server configuration. For more info read: PHP Security in a shared hosting environment
You can temporarily install PHPShell and browse through the server filesystem to check if your server is vulnerable. (requires some commandline knowledge)