Guest davedavenport Posted January 18, 2006 Share Posted January 18, 2006 I have noticed I can view the contents of the folders ie modules, pear etc etc from my browser. I know I cant see the contents/code but Is this correct? More importantly is this Secure? :sleep: Quote Link to comment Share on other sites More sharing options...
Guest estelle Posted January 18, 2006 Share Posted January 18, 2006 You can modify your .htaccess file so that folder contents cannot be viewed. This is what my .htaccess file contains (the second line prevents folder contents from being listed): php_value arg_separator.output & IndexIgnore * Quote Link to comment Share on other sites More sharing options...
Guest davedavenport Posted January 18, 2006 Share Posted January 18, 2006 You can modify your .htaccess file so that folder contents cannot be viewed. This is what my .htaccess file contains (the second line prevents folder contents from being listed): php_value arg_separator.output & IndexIgnore * Brilliant worked a treat! Estelle your a star. Quote Link to comment Share on other sites More sharing options...
Guest estelle Posted January 18, 2006 Share Posted January 18, 2006 Estelle your a star. The very meaning of my name! LOL :sleep: Quote Link to comment Share on other sites More sharing options...
exiladler Posted January 18, 2006 Share Posted January 18, 2006 Thanks, hope this makes it more diffcult for anyone hacking the shop. Quote Link to comment Share on other sites More sharing options...
Guest Posted January 18, 2006 Share Posted January 18, 2006 If you can't or don't know how to do a .htaccess file, you can simply create a file called index.html, add it to that directory and don't put anything it. OR, you can do as I have and put this in it: <html> <head> <title>What do you think you're lookin for?</title> </head> <body> <h1 align="center">What do you think you're lookin for?</h1> <h1 align="center"><a href="/">Here's the real site.</a></h1> </body> </html> Quote Link to comment Share on other sites More sharing options...
Guest fsecchi Posted January 19, 2006 Share Posted January 19, 2006 Thank you very much estelle that worked a treat, I do have another little query regarding security. I am not sure you may be able to help. The downloadable files I have are set in a folder and I would like to secure that folder. I used to offer them for free whilst testing and I did not secure the path. I know it is simple I just change the folder name but unfortunately that is not an option. The manner in which the operation is setup does not consent me to change the name. Is adding an .htaccess and option or is there another way that does not interfer with the cart. Thanks again Quote Link to comment Share on other sites More sharing options...
Guest groovejuice Posted January 19, 2006 Share Posted January 19, 2006 @fsecchi the key to protecting your download directory is to put in at the same root level as your html directory, rather than inside it. CC hides the location when sending a download link to the customer. Here is a link to a great tutorial on the topic by markscarts. Quote Link to comment Share on other sites More sharing options...
Guest fsecchi Posted January 19, 2006 Share Posted January 19, 2006 Thank you for the reply but unfortunately that was not the question I had asked. I know that the script hides the download path to the file but if i type http://www.thebuchanan.com/**/samplefile.pdf I am able to see the file without problem. This is the action I am trying to eliminate. I may have misphrased my last post and apologise for any confusion. Quote Link to comment Share on other sites More sharing options...
Guest aikdo Posted January 19, 2006 Share Posted January 19, 2006 im not sure if you password protected the folder using a .htaccess i think i have seen that PHP can still access the files and so can still pass it through in the intended way... my suggestion Try it ;) Quote Link to comment Share on other sites More sharing options...
Guest groovejuice Posted January 20, 2006 Share Posted January 20, 2006 Your path to the download folder shows it is inside your html folder. If you read the tutorial you'll see how to place it outside that folder, where it cannot be accessed through a browser. Quote Link to comment Share on other sites More sharing options...
Guest estelle Posted January 20, 2006 Share Posted January 20, 2006 I know it is simple I just change the folder name but unfortunately that is not an option. The manner in which the operation is setup does not consent me to change the name. So it sounds like you cannot do the method that groovejuice is suggesting. I agree with aikdo - password protect the folder using .htaccess, and see if this works with the CubeCart PHP download script. Quote Link to comment Share on other sites More sharing options...
Guest fsecchi Posted January 20, 2006 Share Posted January 20, 2006 I gave it a go - added both .htaccess and a .htpasswd file to the directory. I requested the .htaccess to only protect the individual files in the directory and seems to have worked fine. The files are secure from browser access and CC has no problem in accessing them and allowing them for download. Thank you very much Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.