Ok so I am in the process of building a cms using php and mysql. I have a php file with my passwords in to access my mysql database. I want to make sure that someone can't access these through the web. I have read some things about using .htaccess but I am not totally sure if this is what I need. This talks about password protecting a directory but no one will need to access this so I don't think I really need this. I have also read about putting the folder outside of my web directory but I don't really understand how this works. My final option is that my host offers the ability to password protect directories could I use this?
The information doesn't need to be ultra secure I just want to make sure someone doesn't play about with it .
If someone could explain the options to me in basic terms i would be very grateful.
Thanks