1

I have another question:

when i write localhost/folder/file.txt into browser, it opens and show the content of file.txt.

But I want make this file readable only by PHP, not by browser.

I tried everything with chmod but it doesn't work. Is it possible to do that?

Thanks

Improve this question
2
  • 1
    The most reliable way is putting it outside the web root. Commented Feb 11, 2013 at 10:50
  • I know this question is old, but for anyone who is interested: If it's only a small amount of data you want to store, then I recommend using a PHP encrypt/decrypt function - so people can only access the data with the correct key (which is stored in the PHP file). Otherwise, like others have suggested, use a database. I like using MySQL. Databases are only accessible with the correct username + password. You could also encrypt the data inside your database, just to add that extra layer of security. Commented Jun 17, 2020 at 3:50

5 Answers 5

Reset to default
5

Write to a file outside the web root, then the web server won't make it available to clients. (There is no requirement for a file to be under the document root for PHP to read it).

Other options include:

  • Using your webserver's auth/authz systems to secure the file (not recommended for this problem as it is more likely that a configuration error will break the security then it is that the file will be placed in the wrong place)
  • Using a database instead
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

You could refuse access to the .txt extension.

.htaccess

# prevent viewing of a specific file
<Files file.txt>
 order allow,deny
 deny from all
</Files>

# multiple file types
<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh|txt)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>
Improve this answer

4 Comments

Putting it outside the web root is still more solid, - AllowOverride in the server config could change and render this moot
I'm saying if AllowOverride changes in the central server config, this would leave the file unprotected. That shouldn't happen but it could. (Not my downvote though, sometimes this is the only way)
can i refuse access to a folder?
@MarekSchubert Access/Listing is refused mostly by the provider, by adding Options All -Indexes you force that...
0

You can put the text file into a mySQL database as BLOB or TEXT. So it becomes impossible to read by browser, only by query (through php).

Improve this answer

2 Comments

That's a very original suggestion, but there are arguably easier ways. :)
And better ways, for the purpose you want, you don't want to do this.
0

Simplest solution :

$s=file_get_contents('test.txt');

If the file has some code to execute, you can eval it.

eval(file_get_contents('test.txt'));
Improve this answer

Comments

-2

Have you tried chmod it to 660 ?

I just tried it using my web server, it is not available.

Improve this answer

2 Comments

Since the PHP script is usually running as the same user as the webserver, if you set the permissions so the server can't read it, then the PHP script won't be able to read it either.
A "Have you tried...?"-answer without explaining why it would work, could cause more harm than benefit. If you have a suggestion, please argue why it would work rather than leaving readers confused (in this particular case it won't work as @Quentin explains).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.