htaccess file in the main directory (custom question)

**eurorage** · 16 Feb 2011, 08:56 PM

Hi.

Zencart ver 1.3.9h
Payment addon
CAPTCHA TTF addon by RLEXYD

I know, that htaccess file ain't in the main directory of zencart, because the security is sufficient without it.

The problem is, when I added 2 addons (CAPTCHA + payment module), 4 custom .php files reside in the main shop directory.

Do I need to protect these files by using htaccess file? If so, how should it be done?

The payment module .php file might contain custom admin directory name. All the files are chmoded 644. The captcha files are debug, info and test. Can these files reside there without any risk?

Thanks in advance.

**Website Rob** · 17 Feb 2011, 02:10 AM

There is no security you can provide for these files using an .htaccess file, although, having a payment file within main shop dir. is definitely odd; should be in the Admin dir. at the very least. You'll have to depend upon the Server security established by your Hoster.

**eurorage** · 17 Feb 2011, 05:54 PM

The file doesn't do anything else than collect information from the payment processor and redirect to checkout_success or checkout_error pages.

The main payment files are in the includes/modules/payment/ directory.

The payment file in the main dir has my admin directory information, but to prevent that, I've just added a new require to includes/configure.php which points to the admin dir. Then added the DIR_WS_ADMIN2 to the payment files instead of raw admin dir name.

I guess it doesn't have to do anything with the security, or maybe it's better to make a file which will execute the hidden file in the includes directory? That's confusing.