Few Questions


  1. I want to prevent webpage visitors from accessing my .css, .php, and .js files. I understand that I can accomplish this by using httaccess files. However there is a slight problem. I want to block direct downloads or viewing of my server folders yet allow them to view webpage contents. I have seen pages in which I get a “forbidden” message or “Cannot access files/folders” message yet I am able to view the webpage without the password prompt from poping up. How is this done?

  2. Database access script - The password is typed into the script to allow access to the database. Isnt it possible for visitors to just point the browser location to http://my blah domain.blah/file and then view the script with password showing? How do i encrypt the password text? Even then is it still safe to encrypt it since many people can just use some de-encryption software to reveal the password? What is the most secure option to script and/or store the files to prevent such access?

  3. How do uninstall a “goodie” :stuck_out_tongue: ? I dont see an option to uninstall anywhere in the panel under domains or elsewhere.

  4. how do I logout from this formum… geez… hehe just kidding :stuck_out_tongue: :wink:


how do I protect the password from being revealed in the php file since it is shown plainly in the script? Do I redirect the visitor to a directory that is above the public folder (eg. mydomain.com) on the server?

Also the browser will cache any and all files including .php files. if the password is on the php page then the visitor can easily access the database, right?


First, if you restrict access to your CSS files, your styles won’t work. Restricting directory listings is fine, but don’t try to set permissions on any file the client actually needs to see.

Passwords in plain text inside PHP files are safe (as long as the PHP module doesn’t break or get turned off) because the PHP is parsed on the server and only the output is sent to the client.

If you want useful replies, ask smart questions.