location of important connect file and protecting php files

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mainegate
Forum Newbie
Posts: 14
Joined: Sat Nov 29, 2008 5:49 pm

location of important connect file and protecting php files

Post by mainegate »

Where should I put my connect.php file that has my database info it? I have been reading not the same directory and it should not be in the root. If so then how would do I get down to that directory when I'm including? Is there something I can do in a system file to know where to look or something?

Also, Is there anyway to protect php files from being read or written or anything but still have it run when it is called? I know it sounds weird but I have info in there that I don't want hackers to know (hash info and the like). Is there a way to protect the php files whether it be through encryption and/or read/write/execute access?
SidewinderX
Forum Contributor
Posts: 407
Joined: Fri Jul 16, 2004 9:04 pm
Location: NY

Re: location of important connect file and protecting php files

Post by SidewinderX »

mainegate wrote:Where should I put my connect.php file that has my database info it? I have been reading not the same directory and it should not be in the root. If so then how would do I get down to that directory when I'm including? Is there something I can do in a system file to know where to look or something?

Also, Is there anyway to protect php files from being read or written or anything but still have it run when it is called? I know it sounds weird but I have info in there that I don't want hackers to know (hash info and the like). Is there a way to protect the php files whether it be through encryption and/or read/write/execute access?
I generally keep my "config" file in my root directory, perhaps it is a bad practice, but it has never been the source of an exploit. You could however place your connect.php file in your home directory which will prevent http access to the file. You can include it using the absolute path (assuming a Linux environment) /home/username/connect.php or a relative path using a directory traversal. From your root directory, a file in your home directory would be located ../connect.php - notice the ../

If you want to "encrypt" your php files you could use the ionCube Encoder or the Zend Encoder, but those two pieces of software are not free, and there are decoders out there.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: location of important connect file and protecting php files

Post by Eran »

put your config file outside of the accessible document root directory. If you have the following typical setup:

Code: Select all

 
/
/public_html/
...
 
Assuming /public_html is the document root, everything that should be accessible from a browser should go there. Anything that shouldn't should be outside. Suppose you have a bootstrap file under /public_html called index.php, and your config.php file is one up in the folder hierarchy, include it:

Code: Select all

 
//index.php
$base = dirname(__FILE__);
require_once(dirname($base) . '/config.php');
 
This way even if the PHP module fails on your apache (which happens more than you'd think), your configuration file with your sensitive information will not be accessible.
mainegate
Forum Newbie
Posts: 14
Joined: Sat Nov 29, 2008 5:49 pm

Re: location of important connect file and protecting php files

Post by mainegate »

That is awesome. Thanks pytrin.
Post Reply