Can I make a website file accessible only from my app?

Nikthegreek · July 11, 2019, 9:48pm

I used this method Hosting your own TinyWebDB to make my own TinyWebDB and it worked fine.

The only problem is when I type mywebsite.com/database.json it shows the database. That means anyone with that URL can access the database and read everything written inside it.

Is it possible to somehow forbid access to the database file unless it’s from inside my app? I want it to be readable only from my app’s users.

manishthetechguy · July 12, 2019, 12:04pm

have you replaced .htacess file properly.

Nikthegreek · July 12, 2019, 1:33pm

I don’t know much about the .htaccess file but after some research I discovered that I can password protect a page of my website or a single file and when someone tries to view it a dialog pops up on the browser and asks for Username & Password. But apart from that I don’t know how to use the TinyWebDB Component when the directory is locked. Do I have to use the Web Component with POST and GET?

(Note: I haven’t locked the file yet because it requires premium hosting plan which I’ll buy in a few days)

manishthetechguy · July 12, 2019, 1:34pm

which hosting services are you using

Nikthegreek · July 12, 2019, 1:39pm

manishthetechguy · July 12, 2019, 1:42pm

ok then open your .htacess file and post the content of the file here and you will find the file in the public-html folder of your website.

Nikthegreek · July 12, 2019, 1:49pm

# Start the rewrite engine
RewriteEngine On
RewriteBase /

# Disable Indexing
Options -Indexes

# Remove PHP extension
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.+?)/?$ $1.php

# Deny Access to Database File
<FilesMatch "database\.txt">
Order allow,deny
Deny from all
</FilesMatch>

^All these are from the .htaccess file included in the .zip file I downloaded from Diego’s Custom Tiny Web DB Tutorial

<Files database.json>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile http://MyWebSiteHere.com/.htpasswd
Require valid-user
</Files>

Is the AuthUserFile path correct? I read that it requires the absolute path of the .htpasswd file

manishthetechguy · July 12, 2019, 1:54pm

what happens when you try to acess database.txt

Nikthegreek · July 12, 2019, 2:00pm

Now that I’ve added this in the .htaccess file I get an error because I have the free plan which does not support Password Protection if I’m not mistaken

The error I get:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

If I type the URL http://MyWebSiteHere.com/database.json I can see everything that is inside that file:

{“user1”:“value1”,“user2”:“value2”,“user3”:“value3”,“user4”:“value4”,“user5”:“value5”}

Nikthegreek · July 12, 2019, 2:08pm

Is your database accessible only through your app?

manishthetechguy · July 12, 2019, 2:09pm

yes it is acessbile only through my app and you dont need any password for that.

Nikthegreek · July 12, 2019, 2:14pm

I read that 000webhost got hacked some time ago and also I wasn’t satisfied with the uptime when I was testing a website there. Now awardspace has a promo offer of just 1€ for the first year and it’s perfect for testing my app when I publish it on playstore. If it goes well I will buy better services but for now I’d rather not spend much money.

How did you accomplish that without a password? Was it via the .htaccess file as well?

manishthetechguy · July 12, 2019, 2:20pm

but 000webhost has never gave any uptime problem to me. now there services have improved you must give it a try.

Nikthegreek · July 12, 2019, 2:25pm

Now that I see it again, am I wrong or does the free plan give you 10GB of bandwidth & 1GB of storage? That’s really cool actually, with so much bandwidth I’ll probably not have to go premium.

manishthetechguy · July 12, 2019, 2:28pm

that’s why i am using it there bandwidth is amazing for free plan. plus you can double the amount of bandwidth and storage as they allow 2 websites. so i use this trick whenever my bandwidth of first website get exhuasted i change the services url of tiny db by firebase to my other website. hence i enjoy 20gb of bandwidth.

Nikthegreek · July 12, 2019, 2:31pm

Nice, so I set up the website and added all the files from Awardspace to 000webhost but the database.json is still visible from the browser

manishthetechguy · July 12, 2019, 2:40pm

TinyWebDB-PHP-master.zip (5.6 KB)
delete everything in 000webhost and upload these files to your website then you are good to go.

Nikthegreek · July 12, 2019, 2:51pm

Aren’t those the files from Diego’s tutorial? I had already uploaded the
storevalue.php
getvalue.php
.htaccess
but the database file extension was .json. Now that it is .txt its working fine! Thanks for the help! It worked

system · August 11, 2019, 2:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.