Keeping On-Rev Scripts and Data From Prying Eyes
andre at andregarzia.com
Fri Aug 6 09:32:10 EDT 2010
Checkout apache error_log, you may be facing some enforced policy here.
Sometimes it will not allow you access files outside DOCUMENT_ROOT.
If you want to keep your scripts outside of the prying eyes, just named them
something .irev and place the data inside <?rev ?> tags, they will be
executed by apache before sending that that tag will vanish. Even if they
manage to learn which file to call, they will not see anything.
I *love* little hacks!
On Thu, Aug 5, 2010 at 2:07 PM, Gregory Lypny <gregory.lypny at videotron.ca>wrote:
> Excellent. Good advice. Although, I've started to mess around with it,
> and my page is not longer working. I think I must be entering the file
> paths incorrectly or I have the wrong permissions. Those are two things I
> will have to do some homework on.
> Just as a first attempt, I created a folder named scripts. It is at the
> same level in the hierarchy as public_html and has the same permissions
> (750). Inside of scripts are the revolution handler MyLookUp.irev and
> MyData.txt. Both have permissions 0644, which is what they had when they
> were located in public_html.
> In my web page, which remains in public_html, I have <?rev include
> ../scripts/MyLookUp.irev ?>
> The line in the script that accesses the data is
> put url ("file:../scripts/MyData.txt") into tmpList
> On Thu, Aug 5, 2010, at 12:24 PM, use-revolution-request at lists.runrev.comwrote:
> > Best than putting them in the cgi-bin, i always prefer to set to be a
> read-only dir, each time we need to push data files away from eyes, it's
> mostly simple to put them inside a private htaccess/htpasswd protected
> directory (need login/passwd authentication on the web side ; full
> accessible to the irev scripts as a simple local filesystem directory).
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
http://www.andregarzia.com All We Do Is Code.
More information about the Use-livecode