Jump to content

Saving Payment Gateway Credentials in Web Root??

doubledee

By doubledee
in PHP Coding Help

 Share

Recommended Posts

doubledee Advanced Member

doubledee

Posted
Posted

I need to store the Login ID and Key for my Payment Gateway, and figured it was best to do this outside my web root ("httpdocs") on my VPS.

 

Unfortunately, my PHP Include is breaking, and it looks like this is a *major* thing to get working, since requires me to tinker with Plesk's default settings in Linux.  (This link seems to discuss the same issues I'm having:  http://stackoverflow.com/questions/2370053/how-to-include-file-outside-document-root )

 

Anyways...

 

Since I'm no Linux guru and afraid of breaking my VPS, how bad would it be to store my Authorize.net API ID and Key in a PHP file in my web root and include that file in my "checkout.php" file??

 

If anyone knows a reasonably easy way to fix the issue described in the link above, I'm all for it, but I am thinking I may have to just settle on leaving things in my web root...  :-\

 

Thanks,

 

 

 

Debbie

 

Link to comment
Share on other sites
anupamsaha Newbie

anupamsaha

Posted
Posted

You can have the file in web root, but, with extra care through .htaccess file. You can protect file(s) from reading through browser in .htaccess file. Here is an article to give you an idea:

 

http://www.techiecorner.com/1245/how-to-block-access-to-certain-file-types-using-htaccess/

 

Try it and let us know if it works or not.

 

Thanks!

Link to comment
Share on other sites
doubledee Advanced Member

doubledee

Posted
  • Author
Posted

You can have the file in web root, but, with extra care through .htaccess file. You can protect file(s) from reading through browser in .htaccess file. Here is an article to give you an idea:

 

http://www.techiecorner.com/1245/how-to-block-access-to-certain-file-types-using-htaccess/

 

Try it and let us know if it works or not.

 

Thanks!

 

Is there a way to lock a file so it cannot be opened, just like I could put a password on "MyFinances.xls"??

 

Also, what would be the best file permissions to put on my config file and the folder it is in, in addition to your .htaccess idea?

 

 

 

Debbie

 

Link to comment
Share on other sites
anupamsaha Newbie

anupamsaha

Posted
Posted

Regarding the password, you can use .htpasswd for this. You will find lots of article towards .htpasswd. And, regarding the file permission, you can set 640 (i.e. Owner will have read+write, group will have read-only and rest of the world can do nothing).

 

Hope this helps.

 

Thanks!

Link to comment
Share on other sites
doubledee Advanced Member

doubledee

Posted
  • Author
Posted

Regarding the password, you can use .htpasswd for this. You will find lots of article towards .htpasswd. And, regarding the file permission, you can set 640 (i.e. Owner will have read+write, group will have read-only and rest of the world can do nothing).

 

Hope this helps.

 

Thanks!

 

My structure is...

 

httpdocs/secure/checkout.php
httpdocs/private/auth_config.php

 

 

Does *Group* need any access??

 

Could I just set the permission for private to...

 

rwx --- ---

 

 

 

Debbie

 

 

Link to comment
Share on other sites
doubledee Advanced Member

doubledee

Posted
  • Author
Posted

If you need browser to access the files, then put 644 as permission. If PHP is running as CGI, you can set 700.

 

Thanks!

 

The file...

 

httpdocs/private/auth_config.php

 

 

Is being included by...

 

httpdocs/secure/checkout.php

 

 

So for my code to run properly, what permissions would need to be set on...

 

httpdocs/private ??

 

What about for...

 

httpdocs/private/auth_config.php ??

 

 

 

Debbie

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.