Keeping On-Rev Scripts and Data From Prying Eyes

Richard Gaskin ambassador at fourthworld.com
Wed Aug 4 19:06:51 CDT 2010


Gregory Lypny wrote:

 > I'm tinkering with my first web deployment at On-Rev, and calling 
scripts using
 >
 > <?rev include scriptname.irev ?>
...
 > My question is, can users simply type something into the url field
 > of their browser and view an entire text file from the public_html
 > folder?  If so, where should I be keeping or handling databases
 > that need restricted read and write access?  Likewise for scripts?

Dave Cragg to the rescue:

He's long advocated taking anything that isn't for public consumption 
out of the public_html folder and referencing it in its new location one 
folder up.

So if your directory structure looks like this:

root/
    public_html/
       mypage.irev
       scriptname.irev

...you could switch it to:

root/
    public_html/
       mypage.irev
    scriptname.irev

...and in your mypage.irev you'd change the reference to scriptname.irev to:

<?rev include ../scriptname.irev ?>


Like Mr. Cragg says, it's the difference between quiche and egg pie. ;)

--
  Richard Gaskin
  Fourth World
  Rev training and consulting: http://www.fourthworld.com
  Webzine for Rev developers: http://www.revjournal.com
  revJournal blog: http://revjournal.com/blog.irv



More information about the use-livecode mailing list