How can I make it so everyone with access to a web browser can not access my filename.db file? Right now just typing in the URL http://www.smallbiztechnology.com/cgi-bin/dbman/filename.db will give full access to my text database. Is there a way to hide this from view while still letting the dbman script work?

1) Put the database in a PASSWORD PROTECTED directory via .htaccess.

2) Then edit the database file variable $db_file_name in the default.cfg file to include the FULL PATH to where you put the database file.

For more info on password protecting directories, search the support forums for htaccess.

Regards,

Eliot Lee

......and if you don't know how to use .htaccess use this......

#!/usr/bin/perl

print "Content-type: text/html\n\n";

$username = "USERNAME";
$password = "PASSWORD";
$path = "/PATH/TO/PROTECTED/FOLDER";

open(FILE,">$path/.htaccess") || die "Can't create .htaccess file : $!";
print FILE "AuthUserFile $path/.htpasswd";
print FILE "AuthGroupFile /dev/null";
print FILE "AuthName Protected";
print FILE "AuthType Basic";
print FILE "<Limit GET POST>";
print FILE "require valid-user";
print FILE "</Limit>";
close(FILE);

$newpass = crypt($password, "salt");

open(FILE,">$path/.htpasswd") || die "Can't create .htpasswd file : $!";
print FILE "$username:$newpass";
close(FILE);

print "$path is now protected.";



Paul
Installations:http://wiredon.net/gt/
Support: http://wiredon.net/forum/

Thanks for your help!

Thanks so much for your help!

There is an easier way, and if you're really paranoid you can combine the two...
Just put the database outside the html root directory. So if your html root directory is called something like:
/your_site/public_html
you make another directory under the /your_site/ directory
let's say /your_site/database.
This is absolutely not accessible for a webbrowser, because http://www.your_site.com/ points to /your_site/public_html/ and with a browser you can't go up in the directory tree.
Only your cgi program can access the file. To make sure about the path, do a PWD when you're in the directory, because the path is surely translated from the actual path, which may look like
/home/user_sites/your_site
to the path you see and the cgi program is not always able to get there with just the /your_site/database path. It's just something to check when it's not working straight away.

Hope this helps!
Mike

That only works if you have a "web" directory in another ROOT folder...for most accounts though, users only have access to their ROOT WEB folder...and I already recommended putting the database file in a non-web accesssible folder.

Regards,

Eliot Lee

What is your provider is using Win2k/IIS5. Does this .htaccess thing work with it?

ChessMess

Nope...

Regards,

Eliot Lee

So what are your options if you are on a Win2k/IIS5 platform? Any?

ChessMess

You could turn on Basic Authentication, which will allow you to "password protect" your folders, but keep in mind, doing this is highly insecure, since data passed is in plain text format...no encryption like with .htaccess for Apache servers.

The other choice is to ask your hosting company to create non-web folders for you where you can store the database files. Then change the variable configs in the default.cfg file.

Regards,

Eliot Lee