Can I make a website file accessible only from my app?

I used this method Hosting your own TinyWebDB to make my own TinyWebDB and it worked fine.

The only problem is when I type mywebsite.com/database.json it shows the database. That means anyone with that URL can access the database and read everything written inside it.

Is it possible to somehow forbid access to the database file unless it’s from inside my app? I want it to be readable only from my app’s users.

have you replaced .htacess file properly.

1 Like

I don’t know much about the .htaccess file but after some research I discovered that I can password protect a page of my website or a single file and when someone tries to view it a dialog pops up on the browser and asks for Username & Password. But apart from that I don’t know how to use the TinyWebDB Component when the directory is locked. Do I have to use the Web Component with POST and GET?

(Note: I haven’t locked the file yet because it requires premium hosting plan which I’ll buy in a few days)

which hosting services are you using

ok then open your .htacess file and post the content of the file here and you will find the file in the public-html folder of your website.

# Start the rewrite engine
RewriteEngine On
RewriteBase /

# Disable Indexing
Options -Indexes

# Remove PHP extension
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.+?)/?$ $1.php

# Deny Access to Database File
<FilesMatch "database\.txt">
Order allow,deny
Deny from all
</FilesMatch>

^All these are from the .htaccess file included in the .zip file I downloaded from Diego’s Custom Tiny Web DB Tutorial

<Files database.json>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile http://MyWebSiteHere.com/.htpasswd
Require valid-user
</Files>

Is the AuthUserFile path correct? I read that it requires the absolute path of the .htpasswd file

what happens when you try to acess database.txt

Now that I’ve added this in the .htaccess file I get an error because I have the free plan which does not support Password Protection if I’m not mistaken

The error I get:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


If I type the URL http://MyWebSiteHere.com/database.json I can see everything that is inside that file:

{“user1”:“value1”,“user2”:“value2”,“user3”:“value3”,“user4”:“value4”,“user5”:“value5”}

Is your database accessible only through your app?

yes it is acessbile only through my app and you dont need any password for that.

1 Like

I read that 000webhost got hacked some time ago and also I wasn’t satisfied with the uptime when I was testing a website there. Now awardspace has a promo offer of just 1€ for the first year and it’s perfect for testing my app when I publish it on playstore. If it goes well I will buy better services but for now I’d rather not spend much money.

How did you accomplish that without a password? Was it via the .htaccess file as well?

but 000webhost has never gave any uptime problem to me. now there services have improved you must give it a try.

Now that I see it again, am I wrong or does the free plan give you 10GB of bandwidth & 1GB of storage? That’s really cool actually, with so much bandwidth I’ll probably not have to go premium.

that’s why i am using it there bandwidth is amazing for free plan. plus you can double the amount of bandwidth and storage as they allow 2 websites. so i use this trick whenever my bandwidth of first website get exhuasted i change the services url of tiny db by firebase to my other website. hence i enjoy 20gb of bandwidth.

1 Like

Nice, so I set up the website and added all the files from Awardspace to 000webhost but the database.json is still visible from the browser

TinyWebDB-PHP-master.zip (5.6 KB)
delete everything in 000webhost and upload these files to your website then you are good to go.

1 Like

Aren’t those the files from Diego’s tutorial? I had already uploaded the
storevalue.php
getvalue.php
.htaccess
but the database file extension was .json. Now that it is .txt its working fine! Thanks for the help! It worked :smile: