I'd love to know all of my options to hide things on the server.
Right now I know how to
1) Restrict access on pages
2) Use .htaccess to not allow access to anything in a folder.
I'd also like (if possible):
a) Customize my .htaccess so that only certain files are not allowed to be touched within a folder
b) Use php to safely hide sensitive material on a webpage (such as passwords)
Thanks so much,
If it is sensitive it doesn't belong on a public web server. If it needs to be hidden it should not be on a public web server. etc etc. You should think about what you are putting up. Does it need to be there? Should it be there? Why is it there?
Thanks for the quick response!
Basically, I need a place to store my config information (database passwords) so that my site can access them as it retrieves info from the database. This is my first time creating such a site, so any security help would be appreciated. In particular, can you clarify "shouldn't be on a public server"? I guess I'm not sure what the difference is between a "public" server and my "remote" server.
Thanks for help with such noobish questions
A public server is one that is accessible via the internet, public anyone can reach it. As for configuration it should be outside of the folder where the web server reads your files. For example should not be in "public_html" or "www" or how ever it is named.
Thanks, that makes sense!
One last thing, it is true that some hosts don't let you put anything outside of public_html folder? I feel like I've read this somewhere. And, if that's true, do you recommend getting a different host?
If you cannot access anything outside of the web root then yes get a new host. You should also inform them they are creating several security issues by not allowing that.
Muchly appreciated advice!