: How to set execute-only permission for a php script in a .htaccess file? I'm really a newbie in web-technologies, so this question may be silly. I have a php script that accesses a database,
I'm really a newbie in web-technologies, so this question may be silly.
I have a php script that accesses a database, therefore it stores a database password (tell me a better way to store this password).
Client-side JS sends Ajax request to this script.
What I want to archive: set permissions for the php script (probably through .htaccess, but i'm not sure) so that it can be called from outside and executed on a server-side, but nobody could access it's content.
More posts by @Sarah324
2 Comments
Sorted by latest first Latest Oldest Best
I'm partly confused by your question, so I'll answer it the best I can.
To set permissions on any file on a server (including php files) there's a couple of ways.
If you have a web file manager interface, you can access that and set php file permissions through that.
If you have direct FTP access to the server, you can use your FTP program to set php file permissions.
If you have direct access to a secure shell (SSH), you can set permissions in that, but that is something I'd only advise advanced users to do.
Regardless of which way you take, the standard permissions are 0x755. This means read, write, and execute permission for the owner of the file, and read and execute permission for the group and others. You'll need to read a linux manual to understand more, but for now, setting permissions to 0x755 is perfect.
If you're asking to protect the internal contents of a PHP file, then they're already protected provided your web server is set up normally. By default, all php files requested by any client are processed with the PHP interpreter then the output provided by that interpreter is then passed on to the client. The client then either sees the output from the php code or an error.
For example, if your php file is this:
<?php
$secret=1;
echo "Hello";
?>
and a client executes the file in a browser, then he/she will see:
Hello
But if the server isn't configured to have a program handle PHP files, then the client will likely see:
<?php
$secret=1;
echo "Hello";
?>
I hope I answered your question.
Perhaps I am misunderstanding but this sounds like a server-side script?
If this is the case then the script should be run from a designated cgi-bin (script) directory and the server permissions should prohibit anyone from directly accessing this directory (other than to run said scripts). Assuming the script runs correctly and any debugging is turned off, there should be no unwanted output.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.