View Full Version : Hiding .txt files


cyberefl
12-23-2002, 06:59 AM
Is there any way to prevent strangers from accessing and displaying .txt files stored in cgi-bin? I have .txt files that contain the names and grades of students, and I want to keep these private, so that they can only be accessed by a CGI script, or by me when I'm logged in (Tripod).

At the moment, I'm hiding the contents by encrypting/unencrypting them with simple little subs I made. For example, to read the data, I load an HTML page with a password box and enter a password. This runs a CGI script that opens the file, unencrypts the contents and displays them. Other CGI scripts that update the grades, add new grades etc also have to employ the subs.

But if I could just protect the file from being accessed over the web, I wouldn't need to bother with this....

chrisvmarle
12-23-2002, 11:19 AM
I think this can be done using .htaccess (if supported)

(http://javascriptkit.com/howto/htaccess.shtml)

Like this:
<Files theFile.txt>
order deny,allow
deny from all
</Files>

Mzzl, Chris

crackn101
12-28-2002, 04:17 AM
What if you were to set the file permissions to
Owner = read, write only ? ( chmod 600 )
This should allow access only to your cgi scripts, but no one else.

Take Care.
crackn101

optimism_
01-07-2003, 07:14 PM
This advice, I believe, came from WebMonkey and would help if you're not using unix with chmod. If you name your text files with a .cgi extension, any access to them returns either a 403 Forbidden or a 500 Internal Server Error. They will not be executed because of the absence of

#!/usr/local/bin/perl

from the beginning of the file. This keeps your files private :)

ivy
01-17-2003, 01:39 PM
Hi there

I have just read the above and it makes good reading but....

What if the text file (or now renamed file to .cgi) is being written to by a perl script. Can you name the text file with the .cgi extension and still write to it from another .cgi script?


As an example:

A mailing list script that I have found (Alexander Development (http://www.alexanderdevelopment.net)) basically adds the email address to a text file called mailinglist.txt or deletes an email address from the file if the user wishes to unsubscribe. The text file will need to be CHMOD to all/rw/rw.

People can still access this text file and look at the mailing list - which for obvious reasons should be kept confidential.

But, can the text file be changed to .cgi and the other script still read and write to it, thus preventing unauthorised viewing of the file?

Or is there a better way around this?

Look forward to hearing your comments.
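
A server-side check of the protections suggested in this thread, as an added example that is not part of any post above: it reports, for each data file in a cgi-bin directory, its permission bits and whether a `<Files>` deny block in `.htaccess` covers it. The names `audit` and `denied_patterns` are hypothetical, and only plain `<Files name>` blocks containing `deny from all` (or the Apache 2.4 form `Require all denied`) are recognised.

```python
import fnmatch
import os
import re
import stat
import sys

# Opening of a plain <Files name> block; the regex form (<Files ~ "...">) is not handled.
FILES_OPEN = re.compile(r'<Files\s+"?([^"~>\s]+)"?\s*>', re.I)
DENY = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I)


def denied_patterns(htaccess_text):
    """Return the file-name patterns of <Files> blocks that deny all access."""
    patterns, current = [], None
    for line in htaccess_text.splitlines():
        opened = FILES_OPEN.match(line.strip())
        if opened:
            current = opened.group(1)
        elif line.strip().lower() == "</files>":
            current = None
        elif current and DENY.match(line):
            patterns.append(current)
    return patterns


def audit(directory, suffixes=(".txt",)):
    """Report mode bits and .htaccess coverage for each data file in directory."""
    htaccess = os.path.join(directory, ".htaccess")
    text = ""
    if os.path.isfile(htaccess):
        with open(htaccess) as fh:
            text = fh.read()
    patterns, report = denied_patterns(text), {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(suffixes):
            continue
        mode = stat.S_IMODE(os.stat(os.path.join(directory, name)).st_mode)
        report[name] = {
            "mode": oct(mode),
            "other_read": bool(mode & stat.S_IROTH),    # readable by every local user
            "other_write": bool(mode & stat.S_IWOTH),   # e.g. a file left at 666
            "htaccess_deny": any(fnmatch.fnmatch(name, p) for p in patterns),
        }
    return report


if __name__ == "__main__":
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it with the cgi-bin path as the only argument; a file that shows `other_write: True` and `htaccess_deny: False` matches the mailinglist.txt situation described in the last post.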