Hello,
I'm having trouble understanding the concept of security in relation to a web site. From what I understand, you are supposed to place particular documents you don't want accessable to others on the internet above your root directory, but I don't understand how you can do this without hosting a site yourself. If you are paying for hosting on someone else's server, how do you make particular files secure? Such as password files and the like? Is there another way to make files secure? Any help would be much appreciated.

-Ashley

Originally posted by stompeers
Hello,
I'm having trouble understanding the concept of security in relation to a web site. From what I understand, you are supposed to place particular documents you don't want accessable to others on the internet above your root directory, but I don't understand how you can do this without hosting a site yourself.

Not all hosts will give you space above the web server's Document Root, but many if not most will. If you have space accessibe to you above or outside of your web server Document Root, you can store files there that cannot be accessed using a web browser by following a link or typing in an address. (useful for password files, and other sensitive information files

If you are paying for hosting on someone else's server, how do you make particular files secure? Such as password files and the like?

Again, many hosts will have their severs configured so that this is possible, you don't have to lease or own your own server to accomplish it

Is there another way to make files secure?

For sensitive files, there really isn't a good alternative to getting them out of the web server's document tree. You can use file permissions in some cases, or password protect web access through the web server configurations, but having sensitive files in locations that could be served by your web server is not the best option. If at all possible, you should get them outside of the webserver's document space.

Any help would be much appreciated.

-Ashley

What do you mean by secure? Do you want to put password on your files? or you dont want other people viewing them?

Thank you for the reply, folks.
I just found out that the host I use (coolfreepages.com) allows password protection by creating a directory called "protected" in your your accesible directory. Elsmore mentioned that the only good way to protect the pages is to get them out of the Document Root, so does this mean it's not a very secure method?
Also, are there ways to acheive the same thing, but with more security, using a database and scripting language (i.e. PHP and MySQL) ?
Thank you again for your help.

-Ashley

you can allways make a dir which is protected with an .htaccess file and deny permission from everyone (probebly what coolfreepages are doing, just with httpd.conf deny). The web server will be able to look at password files in that dir but not someone who is browsing, he will be prompt for a password.