TalkPHP - View Single Post - how to block a user from viewing a specific page

delayedinsanity · 04-24-2008, 06:15 AM

a) Don't put it in your document root. Have scripts call it from a different location.

b) If you have an Apache server, deny it with .htaccess or in your httpd.conf

c) make sure the file extension is .php so that the code will be parsed and unviewable in the browser.

d) put up a stop sign.

e) password protect the directory (view .htpasswd or whatever your server uses)

f) disable indexes.

g) if you have a user authentication system and the script is an administration script of some sort, check for administrative authorization or kill the script if it's not found.

It all depends on the specifics of what you're doing, and why you're doing it.
-m

04-24-2008, 06:15 AM	#2 (permalink)
delayedinsanity is cute and cuddly Join Date: Mar 2008 Location: Vegas, Baby Posts: 963 Thanks: 31	a) Don't put it in your document root. Have scripts call it from a different location. b) If you have an Apache server, deny it with .htaccess or in your httpd.conf c) make sure the file extension is .php so that the code will be parsed and unviewable in the browser. d) put up a stop sign. e) password protect the directory (view .htpasswd or whatever your server uses) f) disable indexes. g) if you have a user authentication system and the script is an administration script of some sort, check for administrative authorization or kill the script if it's not found. It all depends on the specifics of what you're doing, and why you're doing it. -m