I interact with a MySQL DB via HTML form pages + PHP script pages. I am wanting to protect my PHP scripts and the directory they are in, but I still want my HTML forms to be able to execute them like normal, but I do not want them to be able to view the scripts themselves. Can I setup .htaccess to protect the directory, and the files in it from being viewed, while still letting my html files execute these scripts? If so, then how? Thanks.I found that if you add the following into your .htaccess, you can execute CGI scripts. Will this work universally if I edit it for PHP? (i.e. replace "+ExecCGI" with "+ExecPHP"... and replace the extentions with "php")
Options +ExecCGI
AddHandler cgi-script cgi plCheck this link out
<!-- m --><a class="postlink" href="http://www.joe2torials.com/htaccesstut2.php">http://www.joe2torials.com/htaccesstut2.php</a><!-- m -->
Didn't see anything there that helped me 
I just want to be able to execute the php files in the folder, but I do not want people to be able to view the actual php scripts however.Redirect /dir1 <!-- m --><a class="postlink" href="http://www.yoursite.com/dir2/">http://www.yoursite.com/dir2/</a><!-- m -->
Password protecting your directory
You can add a username and password to a certain directory to stop people from being able to access a directory you want to keep prying eyes out of. If a person tries to access one of these folders they will be prompted for a username and password.
Here is how to do it:
AuthUserFile /dir/.htpasswd
AuthName "Restricted Area"
AuthType Basic
<Limit GET POST>
require user username
</Limit>
Take a look at this code, the first line is the directory in which your .htpasswd should go in, the next line states the message that will appear on the pop-up login box.
Limit GET POST is the prompt that will tell the browser that a user is required to login stated by require username (where username is your name). AuthType Basic Sets the authorization type of this directory to Basic
EDIT: Well you don't really need to worry about that, because people would have to get the php files off of your server directly since php is executed server side.If I password protect the directory, will I still be able to execute the php files within the directory without being prompted for a Login box?Yes, but like I said, you don't even need to worry about protecting php files. People can't actually see the php, all they see is html.So there is no need to protect PHP scripts? Or is there some way to be able to view the scripts if you know what you are doing? Sorry to ask so many questions, you are helping me out, and doing a GREAT job at that. I appreciate your time.Well in order for somebody to view your php scripts they would have to have access to your server. Meaning they would have to be able to ftp to your server, and get the scripts on their computer.
These forums are made in php, view the source and see if you see any php. You don't, that's because it's parsed server side.That is a huge relief in itself. I appreciate the help! ThanksYou're welcome, but if you think about it, that would be a huge security issue if that was possible.Should I be worried and continue to look at using .htaccess files? Or am I ok? It is an SSL'd site if that makes a difference.No, you should be fine; unless you have some kind of sensitive data that's not server side.I slid this over to the PHP Programming Section of the Forums to get it seen by more people with this sort of expertise
Though, it looks like Josh is handling pretty well anyway
to a point Josh in on the mark. but I have seen it stop execution of a php script. but you will never know unless you try.
if you protect a whole folder and all the scripts are in this folder then it should be fine.
Options +ExecCGI
AddHandler cgi-script cgi plCheck this link out
<!-- m --><a class="postlink" href="http://www.joe2torials.com/htaccesstut2.php">http://www.joe2torials.com/htaccesstut2.php</a><!-- m -->
Didn't see anything there that helped me I just want to be able to execute the php files in the folder, but I do not want people to be able to view the actual php scripts however.Redirect /dir1 <!-- m --><a class="postlink" href="http://www.yoursite.com/dir2/">http://www.yoursite.com/dir2/</a><!-- m -->
Password protecting your directory
You can add a username and password to a certain directory to stop people from being able to access a directory you want to keep prying eyes out of. If a person tries to access one of these folders they will be prompted for a username and password.
Here is how to do it:
AuthUserFile /dir/.htpasswd
AuthName "Restricted Area"
AuthType Basic
<Limit GET POST>
require user username
</Limit>
Take a look at this code, the first line is the directory in which your .htpasswd should go in, the next line states the message that will appear on the pop-up login box.
Limit GET POST is the prompt that will tell the browser that a user is required to login stated by require username (where username is your name). AuthType Basic Sets the authorization type of this directory to Basic
EDIT: Well you don't really need to worry about that, because people would have to get the php files off of your server directly since php is executed server side.If I password protect the directory, will I still be able to execute the php files within the directory without being prompted for a Login box?Yes, but like I said, you don't even need to worry about protecting php files. People can't actually see the php, all they see is html.So there is no need to protect PHP scripts? Or is there some way to be able to view the scripts if you know what you are doing? Sorry to ask so many questions, you are helping me out, and doing a GREAT job at that. I appreciate your time.Well in order for somebody to view your php scripts they would have to have access to your server. Meaning they would have to be able to ftp to your server, and get the scripts on their computer.
These forums are made in php, view the source and see if you see any php. You don't, that's because it's parsed server side.That is a huge relief in itself. I appreciate the help! ThanksYou're welcome, but if you think about it, that would be a huge security issue if that was possible.Should I be worried and continue to look at using .htaccess files? Or am I ok? It is an SSL'd site if that makes a difference.No, you should be fine; unless you have some kind of sensitive data that's not server side.I slid this over to the PHP Programming Section of the Forums to get it seen by more people with this sort of expertise
Though, it looks like Josh is handling pretty well anyway
to a point Josh in on the mark. but I have seen it stop execution of a php script. but you will never know unless you try.if you protect a whole folder and all the scripts are in this folder then it should be fine.