I have been able to get phpFormGen to work pretty well after a few days' struggle (755 not 777), but now I am a little concerned about leaving the admin and form generation files exposed on the WWW.
I can see two options:
1. remove the form generation files
2. Password protect the admin directory
Should I do either of these tasks?
Can I simply move the directory with 'form1.html' in it and hide/erase/protect all the other files & directories?
Any and all suggestions would be appreciated.
Thanks...
This is what I do.
You are right about 755 instead of 777; the 777 is not necessary if your host has things working properly.
1.) I password protect my FormGen install directory so people cannot log in and create their own forms.
2.) After forms are created and tested I move them to another folder. All links in the form files are relative so moving is no problem.
3.) If you are using MySQL, data security is not much of an issue. Your issue is the SQL server name, database name, username and password. I take out any of this information in the process.php file and move it to the config.inc.php file in the admin directory.
4.) I password protect the admin directory using .htaccess files (set up using my host's utilities).
5.) All image and html files are set to 744, and all php files are set to 755.
If I think of anything else I'll resubmit to this post.
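An added example, not part of the original posts or of phpFormGen: a POSIX shell audit of the checklist above (no world-writable files, no database credentials left in PHP files outside admin/, a basic-auth .htaccess in admin/). The function names and the credential regex are assumptions; the admin/ layout follows the post.

```shell
#!/bin/sh
# Added example: audit a phpFormGen-style tree against the checklist above.
# The admin/ layout follows the post; function names and CRED_RE are assumptions.

q="'"
# Heuristic: a $...pass... or $...pwd... variable assigned a non-empty quoted literal.
CRED_RE="\\\$[A-Za-z_]*(pass|pwd)[A-Za-z_]*[[:space:]]*=[[:space:]]*[\"$q][^\"$q]"

# Files or directories that anyone on the host can write to (e.g. mode 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# PHP files outside admin/ that still hold a hard-coded password.
creds_outside_admin() {
    find "$1" -path "$1/admin" -prune -o -type f -name '*.php' -print |
    while IFS= read -r f; do
        if grep -Eiq "$CRED_RE" "$f"; then printf '%s\n' "$f"; fi
    done
}

# True when the directory has an .htaccess that demands authentication.
htaccess_auth() {
    [ -f "$1/.htaccess" ] &&
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]' "$1/.htaccess" &&
    grep -Eiq '^[[:space:]]*Require[[:space:]]' "$1/.htaccess"
}

# Run all three checks; returns 0 only when every check passes.
audit_formgen() {
    root=$1; fail=0
    ww=$(world_writable "$root")
    [ -z "$ww" ] || { printf 'world-writable:\n%s\n' "$ww"; fail=1; }
    cr=$(creds_outside_admin "$root")
    [ -z "$cr" ] || { printf 'credentials outside admin/:\n%s\n' "$cr"; fail=1; }
    htaccess_auth "$root/admin" ||
        { printf 'no auth .htaccess in %s/admin\n' "$root"; fail=1; }
    return "$fail"
}

# Usage: sh audit.sh /path/to/formgen   (path without a trailing slash)
if [ "$#" -gt 0 ]; then audit_formgen "$1"; fi
```

A local check cannot confirm that the server honours .htaccess files; an unauthenticated request to the admin URL should come back as 401.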
Thanks very much.
I appreciate the comprehensive answer.
When I get back from my long weekend away I'll check the logs and implement your suggestions.
Henry H