Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Apr 2006
    Posts
    47
    Thanks
    2
    Thanked 0 Times in 0 Posts

    including a file from a seperate folder

    Hello.

    I'm taking care of a few security things before releasing my site. Right now, I'm working on storing my SQL usernames and passwords in a seperate file. What I've done is create a folder named "admin" which requires http authentication to access. I'm going to store my passwords and such in a file named "info.php" and I'll include the file when I need to log in to run SQL queries.

    My problem is that the following include does not work:

    include("/admin/info.php");

    Is it possible to include from a different folder? If not, what is the most secure way to store my passwords in a seperate file? Please note that I did try the above code both with, and without the http authentication and neither way worked. However, if I place the info.php file in the same directory, it works.

    Additionally, I wanted to know what else I can do to keep my site secure, here's what I've done so far:

    1. admin and sensitive areas of the site require http authentication
    2. All user input is scrubbed and no special characters are allowed.
    3. I've modified the SQL user permissions to only allow update/insert/select where necessary, and no user forms have drop, delete, or empty etc permissions.
    4. SQL only accepts connections from localhost

    So, other than storing my passwords and such in a seperate php script, (which I need the help with) are there any other security measures I can take?

    This is my first php site and I'm a tad nervous.

    Appreciated.

  • #2
    New Coder
    Join Date
    Jul 2005
    Posts
    81
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Try to include file like this include("./admin/info.php");
    If you can not find a decision, maybe you have to try to change a problem

    http://www.gunman.co.nr
    http://bglinux.org

  • #3
    New Coder
    Join Date
    Apr 2006
    Posts
    47
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by gunman View Post
    Try to include file like this include("./admin/info.php");

    Thanks! That works. If I require http authentication to access the admin folder would you consider that a secure setup?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •