V
V
Vasily Petrov2018-02-25 15:47:05
PHP
Vasily Petrov, 2018-02-25 15:47:05

Is it safe to write "secret" data to a txt file with a krakozyabr name (eg [email protected]) that is open for reading?

Through php I accept and then write some data to a txt file. Its name is something like this: faslkfjasl21412lkjsaflka!42q41lkjflskj.
This file, of course, if you know its name, anyone can open it. Is it safe?
Are there any other ways to save data without using a DB?

Answer the question

In order to leave comments, you need to log in

5 answer(s)
A
Alexander, 2018-02-25
@mbpig

Not safe, let's remember the leaks of all SMS messages from major mobile operators 5 years ago.
It can be stored in txt files, but since there is php on the server, then give it through it. That is, the "base" of the files lies in a folder that cannot be accessed from the outside, but PHP itself can look at the folder and read files. Let this php give out the content of the files for the duration of the session. The same php file also defines the rights to access data, if there is a multi-user option or just password access.
Through mod_rewrite, you can simulate the extension .txt in the address bar, and through the content type the format text.

C
CityCat4, 2018-02-25
@CityCat4

Any question with the text "is it safe ..." begins with the proto-question "who am I protecting myself from?". Since there is "safety", then there is "danger", isn't it? So who is the "danger"? Hacker Vasya from tyrnet? Server admin? Comrade Major?

A
Alexey Sergeev, 2018-02-25
@SergeevAI

Secret settings, keys and passwords must be written to environment variables.

D
DVoropaev, 2018-02-25
@DVoropaev

if the server is compromised, the data will not be protected

M
marataziat, 2019-10-13
@marataziat

Use uuid in the file name and it will be impossible to guess :) But that's only if you turn off directory listing on the server of course.
Many CDNs work this way! For example, if you look at the preview url of a video on YouTube, you will see that the url is very long and unpredictable. Even if this is a private video, the url on the preview in the incognito tab will be visible!

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question