PHPJunkyard support forum


https://developers.phpjunkyard.com/

LinkMan txt file sec suggestion

https://developers.phpjunkyard.com/viewtopic.php?t=2519

Page 1 of 1

LinkMan txt file sec suggestion

Posted: Fri May 01, 2009 9:47 pm
by DC
Version of script: All LinkMan Versions
Secure LinkMan data file from viewing.
Write your message below:

Klem I am posting this as I feel many will not change the name of the main data file that the script writes to, this allows anyone that understands how and where the script writes its data to, the ability to read the file as its plain txt, now because this file will most likely contains email addresses I feel it is important to protect this file from prying eyes and spammers ...

This is what I would do to protect the file:

For those running apache you can use htaccess like so,
Create an htaccess file with this code in it, and upload it to the linkman dir.

<FilesMatch "(^linkinfo).*\.txt$">
Order deny,allow
Deny from all
</FilesMatch>

thus disallowing any outside access to our data file.

Klem, you might want to think of adding this in with the script dl as most scripts out there I have tested seem to have this wide open. just a suggestion unless you have a reasion why this my not be a good idea.

DC

Posted: Sat May 02, 2009 3:36 pm
by Klemen
Sure, I can add that to the download. In fact since it's a simple file name you don't have to use regular expressions in the FilesMatch, you can simply use

<FilesMatch "linkinfo.txt">
Order deny,allow
Deny from all
</FilesMatch>

This will only work on Apache servers though, for future versions I will think of using a *.php file for storing the data and I can easily make that one non-displayable in the browser on any PHP enabled server.

Posted: Sat May 02, 2009 3:49 pm
by DC
You are correct I did it as exp because I felt some might want to block other data files so you have the ability to do so if one wishes yes I mentioned this for apache

So you could then do the following so I made examp below.
however the most important to do this with in my opin is the main links data file ... either should work fine ...

<FilesMatch "(^linkinfo|banned_websites).*\.txt$">
Order deny,allow
Deny from all
</FilesMatch>

And yes you can make it write a php based file that is not viewable but I felt this was a good quick fix you can easily include in the packaged dl ...

DC
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited