-1
  1. I want to block direct access to different PHP files (by writing, let's say, http://testpage.com/login_verif.php), for example the login verification one (that authenticates users).
  2. Is it possible for a user to access the config.php file that connects him to the MySQL database (and has the password written in it)?
  3. Also, how can you configure your uploads folder so that a user can only see the image for which he has the URL?
Popescu Ion

1 Answer

0
  1. Exit the file if there is no data POSTed to the file, and/or place the file in a more controlled area.
  2. You should not have a config.php file - they are very much not safe - but instead use environment variables.
  3. You may look into rewriting to disallow direct access, but allow referencing on the domain.
zbee
  • For problem 1, I already implemented the first suggestion. Regarding the second idea, I don't know if it doesn't block any kind of access, even from the server itself (because "Deny from all" sounds like it does). – Popescu Ion Jul 23 '19 at 21:20
  • It would still let you include the file, but nothing else, correct. – zbee Jul 23 '19 at 21:25
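
Added example, not part of the question or answer above: a sketch of `login_verif.php` that applies items 1 and 2 of the answer, leaving early unless the request is a form POST and reading database credentials from environment variables instead of a `config.php`. The environment variable names, the `users` table and its `id`, `username` and `password_hash` columns are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// login_verif.php: added example. The environment variable names and the
// users table with its columns are assumptions, not from the original post.

// Answer item 1: leave immediately unless this is a form submission.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit;
}
$user = $_POST['username'] ?? null;
$pass = $_POST['password'] ?? null;
if (!is_string($user) || !is_string($pass)) {   // missing or array-valued fields
    http_response_code(400);
    exit;
}

// Answer item 2: credentials come from the server environment, so no file
// under the web root contains the database password.
function dbFromEnv(): PDO
{
    $cfg = [];
    foreach (['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASS'] as $key) {
        $value = getenv($key);
        if ($value === false) {
            error_log("missing environment variable $key");
            http_response_code(500);
            exit;
        }
        $cfg[$key] = $value;
    }
    $dsn = "mysql:host={$cfg['DB_HOST']};dbname={$cfg['DB_NAME']};charset=utf8mb4";
    return new PDO($dsn, $cfg['DB_USER'], $cfg['DB_PASS'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

$stmt = dbFromEnv()->prepare('SELECT id, password_hash FROM users WHERE username = ?');
$stmt->execute([$user]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row !== false && password_verify($pass, $row['password_hash'])) {
    session_start();
    session_regenerate_id(true);   // issue a fresh session ID after login
    $_SESSION['user_id'] = (int) $row['id'];
    header('Location: /');
    exit;
}
http_response_code(401);
echo 'Invalid username or password.';
```

The method check only turns away plain URL visits; anyone can still send a POST, so the script has to treat every submitted field as untrusted, which is why the query is parameterized and the password is checked with `password_verify`.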