Page 1 of 1
including files stored outside of root folder
Posted: Thu Apr 05, 2007 7:46 am
by php4user2007
Hi,
I read in a book that it is advised to store the database access information outside the rootfolder for security purposes. I think it makes sense but I would like to know what path I then need to specify in the include statement.
thanks,
P
Posted: Thu Apr 05, 2007 8:49 am
by feyd
Whatever path is necessary to reach the correct file. Generally, I consider the idea only marginally more secure.
Posted: Fri Apr 06, 2007 3:32 pm
by RobertGonzalez
If your site root is /var/www/my_site/public_html/ you would store them in /var/www/my_site/. Keep in mind that if you are including a file that has DB details that are either constants or variables, if you do not unset them after using them than they can still be echoed anywhere later in the script. If you are not distributing this application, why not just put them in the code?
Posted: Tue Apr 10, 2007 7:01 am
by php4user2007
this makes sense but I'm just not sure where you get the "/var/www/" from? If I access my domain via ftp it will display a path like
http://www.mydomain.com/public_html/index.php so I'm not sure where you can find out what path should be infront of the domain name.
thanks
Posted: Tue Apr 10, 2007 8:24 am
by Maugrim_The_Reaper
You can write a quick script in PHP to give you the full path:
Run, check the results, of course delete once done. You can run something similar from the PHP command line also if available.
The path is likely a UNIX path (unless you have a windows server). It will point usually on a shared host to /home/username/
www.mydomain.com/public_html/
Everything before /public_html is not accessible from the internet - so you can put the DB details anywhere below the public_html level (for any domain) and include using the absolute path, e.g.:
Code: Select all
include '/home/username/www.mydomain.com/db_details.php';
resolved
Posted: Wed Apr 11, 2007 6:46 am
by php4user2007
thank you very much - your suggestion was very helpful.
Posted: Wed Apr 11, 2007 7:36 am
by aaronhall
Your question gives me the feeling that your book is advising you to give include files the extension '.inc'...?