kb asked:
My php page has all the important database information, so I don’t want people looking at it. How easy is it for someone to view this information? Also I’v set the PHP file, so that you can’t access it directly using the URL, you can only see it when it is linked to by a form using the POST method.
My php page has all the important database information, so I don’t want people looking at it. How easy is it for someone to view this information? Also I’v set the PHP file, so that you can’t access it directly using the URL, you can only see it when it is linked to by a form using the POST method.
3 Comments to 'How easy is it for someone to download a php file from a website?'
January 21, 2010
you may want to consider creating a separate db-connex.php file (or whatever name) and putting it in a random named folder and have an include statement pull it in before connecting to the database. This way you can put all of you DB username and DB passwords in that file as variables and only allow server sided includes in yourt php.ini
Also add a little security to that folder and you should be just fine.
January 24, 2010
it is as easy as downloading an html file
January 26, 2010
don’t put your db config file inside your public folder. For example, if your web root directory is “www”, then have a “config” folder at the same level - . outside of your web root.
Also you should be able to deny access to any of your public files by using a .htaccess file.
Leave a comment