Can users of my website open this web address?

Question

Can users of my website open this web address?

On my website, I have a feature in which people can subscribe to a newsletter by posting an email address. I take the email address in php, check its integrity and then rewrite it to a txt file, for example. emailaddresses.txt. I noticed that if I go to www.mywebsite.com/emailaddresses.txt, you can see the email addresses. I am installing a htaccess file with options -indexes in it.

If emailaddresses.txt is an obscure file name, very long and with random characters, which is currently safe?

+3

php

James Jun 03 '11 at 9:42

source share

6 answers

, - -

+2

Tudor Constantin 03 . '11 9:44

Yeroon · Answer 1 · 2011-06-03T09:46:16+0000

Security of obscurity is NOT .

emailaddresses.txt -.

m.edmondson · Answer 2 · 2011-06-03T09:45:06+0000

- . , htaccess . , .

AntonioCS · Answer 3 · 2011-06-03T09:45:43+0000

-indexes , .

, , -. , .

Darksquirrel42 · Answer 4 · 2011-06-03T09:46:11+0000

if you store such data in a file, place access restrictions in place that prohibit access to this file for unauthorized users ...

Dunhamzzz · Answer 5 · 2011-06-03T10:12:25+0000

As others have said, write it outside of your website (i.e., inaccessible to the public).

Try the following: fwrite(fopen('../emaillist.txt', 'a+'), $delimiter . $email);(pay attention to ../emaillist.txt before). This will write the ONE email file located above your webroot, i.e. Instead, /home/user/public_html/emaillist.txtit will be located in /home/user/emaillist.txt, which will not be accessible via the Internet, but you will be able to see it via FTP.

Can users of my website open this web address?

More articles: