Keeping On-Rev Scripts and Data From Prying Eyes

Andre Garzia andre at andregarzia.com
Fri Aug 6 09:32:10 EDT 2010


Gregory,

Checkout apache error_log, you may be facing some enforced policy here.
Sometimes it will not allow you access files outside DOCUMENT_ROOT.

If you want to keep your scripts outside of the prying eyes, just named them
something .irev and place the data inside <?rev ?> tags, they will be
executed by apache before sending that that tag will vanish. Even if they
manage to learn which file to call, they will not see anything.

:-)

I *love* little hacks!

On Thu, Aug 5, 2010 at 2:07 PM, Gregory Lypny <gregory.lypny at videotron.ca>wrote:

> Excellent.  Good advice.  Although, I've started to mess around with it,
> and my page is not longer working.  I think I must be entering the file
> paths incorrectly or I have the wrong permissions.  Those are two things I
> will have to do some homework on.
>
> Just as a first attempt, I created a folder named scripts.  It is at the
> same level in the hierarchy as public_html and has the same permissions
> (750).  Inside of scripts are the revolution handler MyLookUp.irev and
> MyData.txt.  Both have permissions 0644, which is what they had when they
> were located in public_html.
>
> In my web page, which remains in public_html, I have <?rev include
> ../scripts/MyLookUp.irev ?>
>
> The line in the script that accesses the data is
>
> put url ("file:../scripts/MyData.txt") into tmpList
>
>
> Regards,
>
> Gregory
> Montreal
>
>
>
> On Thu, Aug 5, 2010, at 12:24 PM, use-revolution-request at lists.runrev.comwrote:
>
> > Best than putting them in the cgi-bin, i always prefer to set to be a
> read-only dir, each time we need to push data files away from eyes, it's
> mostly simple to put them inside a private htaccess/htpasswd protected
> directory (need login/passwd authentication on the web side ; full
> accessible to the irev scripts as a simple local filesystem directory).
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>



-- 
http://www.andregarzia.com All We Do Is Code.



More information about the Use-livecode mailing list