Scott Silva wrote:
> ankush grover spake the following on 2/10/2007 2:11 AM:
>> hi friends,
>>
>> I have configured a HelpDesk Ticketing System on Centos4.4. The
>> problem I am facing is that there is a file called "site.xml" which
>> contains the information about database connections and I don't want
>> ppl to be able to read that file through browser. As per the
>> readme.htm of that software if the below entries will be put in
>> .htaccess then nobody can read the xml through browser.
>>
>> <Files ~ ".xml">
>> Order allow,deny
>> Deny from all
>> Satisfy All
>> </Files>
>>
>>
>> Even though the above entries are there in .htaccess still I am able
>> to read "site.xml" file. How do I prevent the reading of this file ?
>>
>> HelpDesk Ticketing Software is under /var/www/html/request and
>> .htaccess is also under /var/www/html/request.
>>
>> Please let me know if you need any further information.
> Did you try to chown to root:root and chmod to 600?
> That should keep apache from reading the file.
Since it is a web application, that would also keep the application from
reading its own configuration file...
Putting the restriction in a conf file in /etc/httpd/conf.c is the
cleanest way to handle this.
--
Les Mikesell
lesmikesell at gmail.com