Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Deny Access to Apache Folder

Options
  • 28-09-2006 5:18pm
    #1
    GoneShootin
    Closed Accounts Posts: 8,478 ✭✭✭


    What I want to do is to deny windows kernal access to the apache folder, such that someone cannot browse my code. I have tried the native XP folder permissions and 3rd party software which all block access to the folder itself when browsing the file structure.

    However when I attempt to run my code in apache via any webbrowser I keep getting 404 errors.

    I've looked at encrypting the code but the overhead is proving a real issue on some of my larger apps (with all that hastily written code).

    Anyone have any past experiences?


Comments

  • Options
    #2
    monkey tennis
    Closed Accounts Posts: 583 ✭✭✭monkey tennis


    GoneShootin wrote:
    What I want to do is to deny windows kernal access to the apache folder

    If the kernel can't read the code, then Apache can't read it - I assume you mean any logged-in user.

    You should really have Apache running under a particular user account (e.g. make one called 'Apache'), so you can give it fine-level control (and hopefully prevent anyone using Apache to rail your machine) - check the Apache FAQ maybe, Windows isn't really my bag.

    This way you should be able to give only the Apache user view rights to the relevant directory.


  • Options
    #3
    GoneShootin
    Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    monkey tennis wrote:
    If the kernel can't read the code, then Apache can't read it - I assume you mean any logged-in user.

    You should really have Apache running under a particular user account (e.g. make one called 'Apache'), so you can give it fine-level control (and hopefully prevent anyone using Apache to rail your machine) - check the Apache FAQ maybe, Windows isn't really my bag.

    This way you should be able to give only the Apache user view rights to the relevant directory.

    Interesting, but the code may be deployed in an area where someone else has admin rights on the box (such as the IT support guy). So that apache user login could be circumvented by the admin.


  • Options
    #4
    monkey tennis
    Closed Accounts Posts: 583 ✭✭✭monkey tennis


    GoneShootin wrote:
    So that apache user login could be circumvented by the admin.

    Yup. The only ways you're going to get around that are either encryption or hosting it somewhere where you trust the admins (or a box you admin yourself).


  • Options
    #5
    daymobrew
    Registered Users Posts: 6,508 ✭✭✭daymobrew


    GoneShootin wrote:
    What I want to do is to deny windows kernal access to the apache folder, such that someone cannot browse my code.
    Others have told you why this solution won't work. I've gotta ask - why do you want to hide the code? Is it badly written? :p
    What language is it written in? Maybe you could compile it into a binary.

    A user agreement listing the appropriate restrictions might be a solution so that you have comeback if the code is stolen.


  • Options
    #6
    GoneShootin
    Closed Accounts Posts: 8,478 ✭✭✭GoneShootin


    daymobrew wrote:
    Is it badly written? :p
    What language is it written in? Maybe you could compile it into a binary.

    A user agreement listing the appropriate restrictions might be a solution so that you have comeback if the code is stolen.

    It's badly written alright, but that's not the reason I want to hide it :D It's a PHP app. User agreements are fine and dandy but for my paranoia needs to be satisfied!

    Looks like it's encryption of some kind then....


  • Advertisement
Advertisement