folders secure

hi,

just a quick question for someone.

the folders that create connections.php and wadaassist etc are in my public_html directory.

the man index pages etc are password protected but can the folders be hacked by someone or will it be safe enough?

also i might store docs through the database into a fodler inside public_html will this be safe from hackers?

many thanks

If your server is php enabled it should not matter where you have the connection file as the source will not be available to whomever browses to it. If you want to check that your directories are secured like you expect them to be you should put some sample pages in them then try to access them from the browser. You should be able to determine if the files are freely available or if they are protected.

If this is file system style security then they should not be accessible, if this is secured with the inclusion of some code at the top of the pages then the directories themselves are not secured, just the pages with the code on them.

thanks eric,

i am using security assist to protect pages that are for users to use. however just wondering about folders like the data assist folder or if i created a folder to store documents from within my app, do i need to password protect that also?

thanks

You do not need to worry about protecting the folders themselves if the pages inside are password protected no one who is not authorized will be able to see them. If you have directory browsing disabled no one would be able to view the contents of them.

thanks eric

Your welcome, I hope I answered that acceptably for you. Let us know if you have any further questions or ideas that you would like feedback on.

We have SecureAssist, and have been creating secure pages, but what I need to know is how to secure PDF files within a folder where a secure PHP page with all the links to those PDF files are.
Webserver is IIS, windows.

Usually you would store the .pdf files in a folder above the root so they couldn't be accessed directly.

Then use the file download server behavior to allow access to those files only from a secured page.

So, from the secure page, do I create hyperlinks (text) to the PDF files in the higher folder? Then set the file download server behavior to all access?

You link to a file in the web site that has the file download server behavior that gets the file from the higher level and allows the user to download. That way you can add security assist validation on that page to prevent download by users that aren't logged in.

You don't link to the files directly, since there is no way to... that is why they are secure.