Where should I put my connect.php file that has my database info in it? I have been reading not the same directory and it should not be in the root. If so, then how would I get down to that directory when I'm including? Is there something I can do in a system file to know where to look or something?
Also, is there any way to protect PHP files from being read or written or anything but still have them run when called? I know it sounds weird but I have info in there that I don't want hackers to know (hash info and the like). Is there a way to protect the PHP files, whether it be through encryption and/or read/write/execute access?
location of important connect file and protecting php files
SidewinderX
Re: location of important connect file and protecting php files
mainegate wrote:
Where should I put my connect.php file that has my database info in it? I have been reading not the same directory and it should not be in the root. If so, then how would I get down to that directory when I'm including? Is there something I can do in a system file to know where to look or something?
Also, is there any way to protect PHP files from being read or written or anything but still have them run when called? I know it sounds weird but I have info in there that I don't want hackers to know (hash info and the like). Is there a way to protect the PHP files, whether it be through encryption and/or read/write/execute access?

I generally keep my "config" file in my root directory; perhaps it is a bad practice, but it has never been the source of an exploit. You could, however, place your connect.php file in your home directory, which will prevent HTTP access to the file. You can include it using the absolute path (assuming a Linux environment) /home/username/connect.php or a relative path using a directory traversal. From your root directory, a file in your home directory would be located at ../connect.php - notice the ../
If you want to "encrypt" your php files you could use the ionCube Encoder or the Zend Encoder, but those two pieces of software are not free, and there are decoders out there.
Re: location of important connect file and protecting php files
Put your config file outside of the accessible document root directory. If you have the following typical setup:
Code:
/
/public_html/
...
Assuming /public_html is the document root, everything that should be accessible from a browser should go there. Anything that shouldn't should be outside. Suppose you have a bootstrap file under /public_html called index.php, and your config.php file is one up in the folder hierarchy, include it:
Code:
//index.php
$base = dirname(__FILE__);
require_once(dirname($base) . '/config.php');
This way even if the PHP module fails on your Apache (which happens more than you'd think), your configuration file with your sensitive information will not be accessible.
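As an added example (not part of any post in this thread), the shell function below audits the two things discussed above: whether the config file resolves to a location inside the document root, and whether its permission bits let any local account read or write it. The function names, finding labels and the temporary paths in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit where a PHP config file lives and who can read it.
# Resolve a path to its physical absolute form (follows symlinked directories).
resolve() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "${dir%/}" "$(basename "$1")"
}

# audit_config DOCROOT CONFIG
# Prints one finding per line; returns 0 clean, 1 findings, 2 missing path.
audit_config() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "docroot-missing"; return 2; }
    cfg=$(resolve "$2") || { echo "config-missing"; return 2; }
    [ -f "$cfg" ] || { echo "config-missing"; return 2; }
    findings=0

    # Inside the document root the file is served as plain text whenever
    # the PHP handler is not active.
    case "$cfg" in
        "$docroot"/*) echo "inside-docroot"; findings=1 ;;
    esac

    # "Other" read/write bits let any local account read or change the secrets.
    [ -n "$(find "$cfg" -prune -perm -004)" ] && { echo "world-readable"; findings=1; }
    [ -n "$(find "$cfg" -prune -perm -002)" ] && { echo "world-writable"; findings=1; }

    return "$findings"
}

# Constructed layout mirroring the thread: config.php one level above public_html.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/public_html"
    echo '<?php // constructed sample' > "$tmp/config.php"
    chmod 640 "$tmp/config.php"
    cp "$tmp/config.php" "$tmp/public_html/connect.php"
    chmod 644 "$tmp/public_html/connect.php"
    echo "outside docroot, mode 640: $(audit_config "$tmp/public_html" "$tmp/config.php" || true)"
    echo "inside docroot, mode 644: $(audit_config "$tmp/public_html" "$tmp/public_html/connect.php" || true)"
    rm -rf "$tmp"
}
demo
```

With mode 640 the web server account needs to be the file's owner or in its group for the include to keep working.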
Re: location of important connect file and protecting php files
That is awesome. Thanks pytrin.