Keeping On-Rev Scripts and Data From Prying Eyes
Richard Gaskin
ambassador at fourthworld.com
Wed Aug 4 20:06:51 EDT 2010
Gregory Lypny wrote:
> I'm tinkering with my first web deployment at On-Rev, and calling
scripts using
>
> <?rev include scriptname.irev ?>
...
> My question is, can users simply type something into the url field
> of their browser and view an entire text file from the public_html
> folder? If so, where should I be keeping or handling databases
> that need restricted read and write access? Likewise for scripts?
Dave Cragg to the rescue:
He's long advocated taking anything that isn't for public consumption
out of the public_html folder and referencing it in its new location one
folder up.
So if your directory structure looks like this:
root/
public_html/
mypage.irev
scriptname.irev
...you could switch it to:
root/
public_html/
mypage.irev
scriptname.irev
...and in your mypage.irev you'd change the reference to scriptname.irev to:
<?rev include ../scriptname.irev ?>
Like Mr. Cragg says, it's the difference between quiche and egg pie. ;)
--
Richard Gaskin
Fourth World
Rev training and consulting: http://www.fourthworld.com
Webzine for Rev developers: http://www.revjournal.com
revJournal blog: http://revjournal.com/blog.irv
More information about the use-livecode
mailing list