
Session Directory Security Fundamentals


Johnny2


Hi All,

 

I've come across some PHP website-building literature that stated:

 

"For sensitive data being stored, but not stored in a database, change your sessions directory, and use the Web root directory's parent folder"

 

I understand that no one here is the author, but could someone take a guess at and explain what this means? I'm not sure what a sessions directory is.

 

When it refers to "sessions", is it talking about session variables that we can create?... like if I wanted to store the logged-in user's first name in $_SESSION['userFirstName']?

 

Is temporarily storing potentially sensitive data in session variables not secure?

 

I'm pretty new at this, so please use plenty of laymen terms :)

 

Thank you so much!

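For anyone wondering what the "sessions directory" in the quoted advice is: PHP keeps `$_SESSION` data on the server, one file per session, in the directory named by the `session.save_path` setting (by default a shared location such as `/tmp`). The following is an added example, not code from this thread or from the book Johnny2 quotes. It moves that directory to the parent folder of the web root and tightens the session cookie. The `/home/example/...` layout and the file name `bootstrap.php` under `public_html` are assumptions; `session_set_cookie_params()` with an array argument needs PHP 7.3 or later.

```php
<?php
// Added example (not from the thread): move PHP's session files out of the web root.
// Assumed layout (adjust to your host):
//   /home/example/public_html/bootstrap.php  <- this file, under the document root
//   /home/example/_sessions/                 <- NOT under the document root
$sessionDir = dirname(__DIR__) . '/_sessions';   // parent folder of public_html

// Create the directory with mode 0700 so only the account running PHP can enter it.
if (!is_dir($sessionDir) && !mkdir($sessionDir, 0700, true) && !is_dir($sessionDir)) {
    throw new RuntimeException("Cannot create session directory $sessionDir");
}

// Refuse to run if someone later relaxed the permissions (e.g. chmod 777 on shared hosting):
// any other account on the box could then read or forge every session file.
if ((fileperms($sessionDir) & 0077) !== 0) {
    throw new RuntimeException("Session directory $sessionDir is accessible to other users");
}

// Write sess_<id> files here instead of the shared default (often /tmp).
ini_set('session.save_path', $sessionDir);

// Session cookie hygiene (independent of the directory, but cheap to get right here).
ini_set('session.use_strict_mode', '1');   // reject session IDs the server never issued
ini_set('session.use_only_cookies', '1');  // never accept a session ID from the URL
session_set_cookie_params([
    'lifetime' => 0,        // cookie dies with the browser session
    'path'     => '/',
    'secure'   => true,     // only sent over HTTPS
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Lax',
]);

session_start();
$_SESSION['userFirstName'] = 'Alice';   // constructed sample value, as in Johnny2's question
session_write_close();                  // flush to disk now so the file below exists

// Only the session ID travels in the cookie; the values live in this server-side file.
// Whoever can read the file can read the data, and whoever can write it can forge it.
$sessionFile = $sessionDir . '/sess_' . session_id();
echo "Session file: $sessionFile\n";
echo 'Contents:     ' . file_get_contents($sessionFile) . "\n";
```

With PHP's default `php` save handler the file holds the serialized `$_SESSION` array in clear text (for the value above, `userFirstName|s:5:"Alice";`), so it is the directory's location and permissions, not the `$_SESSION` API itself, that decide whether the data is safe. On a host where `ini_set()` is not honoured, the same `session.save_path` directive goes in `php.ini` or a `.user.ini` file.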

In a nutshell, you can either store sensitive data to your server directory but you would need a method of protecting that data by placing the folder outside of your domain name but within your host's file structure...or store it on a MySQL database which is separate from hosted files. Preferred method is MySQL database.

 

The folder mentioned above can't be viewed via FTP but can be viewed via the host control panel. Log in to your control panel and you should see a folder structure for the domain. The right place to store your data is something like this:

 

Correct:

/www/_data/

 

INCORRECT:

/www/mydomain.com/_data/

 

If you don't see /www/ or something like that then you need to check with your host.

 

If you are going to allow users to store data then you may need to install an SSL.

 

Note: I would not be a happy camper if my personal/sensitive info was stored unsecured.

Edited by Eddie
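Eddie's "correct" and "INCORRECT" layouts as a check you can keep in your own code, added here as an example (not Eddie's or the thread's code): a function that says whether a directory sits under the document root, and a writer that refuses to put a sensitive file anywhere the web server could serve it. The `/www/...` paths come from Eddie's post; `isUnderWebRoot`, `storePrivateFile`, their arguments and the file name `export.json` are assumptions.

```php
<?php
// Added example (not from the thread): is a storage directory outside the web root?

/**
 * True if $path is the document root or lies beneath it, i.e. a file placed
 * there could be downloaded by URL. Both paths must be absolute; a trailing
 * slash is added before comparing so that /www/mydomain.com_old does not
 * count as being under /www/mydomain.com.
 */
function isUnderWebRoot(string $path, string $docRoot): bool
{
    $normalise = function (string $p): string {
        return rtrim(str_replace('\\', '/', $p), '/') . '/';
    };
    return strpos($normalise($path), $normalise($docRoot)) === 0;
}

/**
 * Write $contents to $dataDir/$name, but only if $dataDir is not servable.
 * The file is created 0600 so other accounts on a shared host cannot read it.
 */
function storePrivateFile(string $dataDir, string $name, string $contents, string $docRoot): string
{
    if (isUnderWebRoot($dataDir, $docRoot)) {
        throw new InvalidArgumentException(
            "$dataDir is inside the web root $docRoot; anything written there can be downloaded"
        );
    }
    if (!is_dir($dataDir) && !mkdir($dataDir, 0700, true) && !is_dir($dataDir)) {
        throw new RuntimeException("Cannot create $dataDir");
    }
    // basename() keeps a caller-supplied name such as "../public_html/x" inside $dataDir.
    $file = $dataDir . '/' . basename($name);
    if (file_put_contents($file, $contents, LOCK_EX) === false) {
        throw new RuntimeException("Cannot write $file");
    }
    chmod($file, 0600);
    return $file;
}

// Eddie's two layouts, with /www/mydomain.com as the document root:
$docRoot = '/www/mydomain.com';
foreach (['/www/_data', '/www/mydomain.com/_data'] as $candidate) {
    $verdict = isUnderWebRoot($candidate, $docRoot)
        ? 'INCORRECT (reachable by URL)'
        : 'correct (outside the web root)';
    echo "$candidate: $verdict\n";
}

// In a real request, take the document root from the server and use its parent:
// $docRoot = realpath($_SERVER['DOCUMENT_ROOT']);
// $path = storePrivateFile(dirname($docRoot) . '/_data', 'export.json', $json, $docRoot);
```

`isUnderWebRoot('/www/_data', ...)` returns false and `isUnderWebRoot('/www/mydomain.com/_data', ...)` returns true, matching Eddie's two cases. The comparison is purely textual, so feed it `realpath()`ed values for directories that already exist; otherwise a symlink inside `public_html` pointing at `_data` would pass the check while still exposing the files.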

Thanks for your input Eddie.

 

Let's say your website files & folders are supposed to go inside this made-up directory/folder:

 

123.456.78.90/public_html (this is kind of what the directory looks like when I'm in my c-panel anyways)

 

Are you saying that I should put most of my website files in this public_html folder, but put data I want to protect into a different folder which is on the same level as the public_html folder? Like here:

 

123.456.78.90/_data

 

If I'm correct, would you put files such as config files here (which may contain password info)?

 

Question #2:

 

How does this relate to session info (like session variables that I don't want hackers to get their hands on)?


I believe you want to store data, say users' names and passwords, which requires them to re-access that info. Then yes, put the folder in the root directory. Ideally, sensitive data should be stored in a database.

 

Maybe Ben here might have more insight on this, or even resources, since he has a much deeper knowledge of PHP.

 

Or, you can install Wordpress and look at how they are able to store secure data (using MySQL).

Edited by Eddie
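Putting Johnny2's config-file question and Eddie's "ideally a database" answer together, as an added example that is not code from this thread: the database credentials live in a PHP file in the parent of the web root, the user records live in MySQL, and only a password hash ever reaches the table. The `/home/example/...` layout, the `users` table with columns `id`, `username`, `first_name` and `password_hash`, and the function names are assumptions.

```php
<?php
// Added example (not from the thread): credentials in a config file outside
// public_html, user data in MySQL, passwords stored only as hashes.
// Assumed layout:
//   /home/example/_data/config.php          <- credentials, parent of the web root
//   /home/example/public_html/register.php  <- this script
//
// /home/example/_data/config.php is a PHP file that returns this array:
//   return [
//       'dsn'      => 'mysql:host=localhost;dbname=app;charset=utf8mb4',
//       'user'     => 'app_user',
//       'password' => 'change-me',
//   ];

// require on a file that returns an array gives us the values without leaving
// them in a global variable for every other script to see.
$config = require dirname(__DIR__) . '/_data/config.php';

$pdo = new PDO($config['dsn'], $config['user'], $config['password'], [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // genuine server-side prepared statements
]);
unset($config);   // the password is no longer needed in memory

/** Create a user; only a password hash reaches the (assumed) users table. */
function registerUser(PDO $pdo, string $username, string $firstName, string $password): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, first_name, password_hash) VALUES (:u, :f, :h)'
    );
    $stmt->execute([
        ':u' => $username,
        ':f' => $firstName,
        ':h' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

/** Verify a login and put only non-secret facts about the user into $_SESSION. */
function loginUser(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, first_name, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;   // same answer for unknown user and wrong password
    }
    session_regenerate_id(true);   // fresh session ID on login blocks session fixation
    $_SESSION['userId']        = (int) $row['id'];
    $_SESSION['userFirstName'] = $row['first_name'];
    return true;
}

session_start();
// Constructed sample flow:
registerUser($pdo, 'johnny2', 'Johnny', 'correct horse battery staple');
if (loginUser($pdo, 'johnny2', 'correct horse battery staple')) {
    echo 'Logged in as ' . htmlspecialchars($_SESSION['userFirstName'], ENT_QUOTES, 'UTF-8') . "\n";
}
```

Keeping the credentials in a `.php` file that returns an array has a second benefit: if the file ever does end up under the web root, a correctly configured server executes it and sends back an empty page instead of the source, whereas a `.ini` or `.txt` file would be served verbatim. Treat that as a fallback rather than a reason to skip the parent-directory placement, because a misconfigured PHP handler serves the source of a `.php` file too.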
