Newgrounds.com — Everything, By Everyone.

i was planning on having soething in place so no one can come in and directly view my xml files because each xml file has passwords for users and i wanted to know whether i should use this

http://www.webdeveloper.com/forum/showth read.php?t=125966

or if i should use something more elaborate

thanks if you can help

Gosh you bum XML so much.

Anyway (just an idea, I don't know if you can or not) can't you have it outside the /public_html/ folder, then it's still accessible for the server but other people can't view it?

ok i got it to deny view of the xml but how would i stop people from getting the code

People can't get the code if they can't access the file. Unless they have FTP access o_O

I thought your host was taking care of XML access?

At 5/22/08 07:30 AM, adam2510 wrote: i was planning on having soething in place so no one can come in and directly view my xml files because each xml file has passwords for users and i wanted to know whether i should use this

http://www.webdeveloper.com/forum/showth read.php?t=125966

or if i should use something more elaborate

thanks if you can help

The method in that article is security through obscurity. You can still view the xml by just clicking view source (it is a markup language after all).

Might I ask how you're reading this xml file? Is it a PHP/ASP script running on the server or is it from a client-side environment like Flash or Javascript?

If it's being read on the server, you could just store it above the document root. The document root is the folder that the website's server looks in to feed people content.

It is generally a folder called htdocs or html or public, but some hosts use other folder names. Anything that is in a parent/sibling folder will not be viewable from your website domain. Naturally if you're opening the XML in Flash or Javascript then this will stop them from being able to open it too.

they can get direct access its just if they find the folder they can access all accounts

NOTE: i am going to use a encoding system i am about to make which is 99% fool proof

At 5/23/08 10:34 AM, adam2510 wrote: they can get direct access its just if they find the folder they can access all accounts

NOTE: i am going to use a encoding system i am about to make which is 99% fool proof

Please say your taking the piss? If a code can be decoded by whatever is using it, it can be decoded by a sufficiently determined person.

Can you supply me details about your hosting? There could be much more elegant solutions to your problem available. Is it running PHP? What about ASP? Ruby on Rails? JSP? Do you have access to a database?

And, to repeat my earlier point, what exactly is using this xml file? A client-side or server-side system? I've already posted a sufficient system for a server side configuration.

Can't you simply Chmod the .XML file to be accessible only by the server? Or give it a really long, (unguessable) name, so that nobody could even find it?

At 5/23/08 04:49 PM, Anim8or666 wrote: Can't you simply Chmod the .XML file to be accessible only by the server? Or give it a really long, (unguessable) name, so that nobody could even find it?

both can be surpassed by hacking.

you should try mod-rewrite, or what another poster suggested earlier. store it on the top document root so that it can only be accessed via the servers.

Long story short: the client should never have access to the full login database. It only needs to be able to try to login. Not get the password for a given user, nor the full password list.

i know how to do the login properly its just the wanderers which piss me off because if they stumble on the accounts i am screwed

For your hosting account, you have folders, right?
And you have to put all your files in PUBLIC_HTML right?
Well, put the file ABOVE THAT, so in the same folder that PUBLIC_HTML is in.

That way, somebody cannot access it, only the server can, k?

He's already been told that multiple times by multiple people :\

At 5/24/08 06:55 AM, smulse wrote: He's already been told that multiple times by multiple people :\

POST COUNT +1 SAM.

its not that simple i only have access to my folder

i cant move anything below my folder

At 5/25/08 04:51 AM, adam2510 wrote: its not that simple i only have access to my folder

i cant move anything below my folder

Above you mean surely? Can you make .htaccess files? They would be another way to stop people being able to open your xml files.

ok i will do that its just i dont know how to do it so the server can only access the files

You know... maybe you could go and get a better host, with PHP and mySQL... then you wouldn't have all these problems...

At 5/25/08 12:58 PM, Anim8or666 wrote: You know... maybe you could go and get a better host, with PHP and mySQL... then you wouldn't have all these problems...

No. That's too easy.

<_< no i am not answering it again

NO!!!!!!!!!

At 5/26/08 01:18 AM, adam2510 wrote: <_< no i am not answering it again

NO!!!!!!!!!

Why not. It's free.

And about the only way we'll be able to help you with your game. This this the last time I'll help you, next time I'll just scream at you to GTFO in allcaps.