How to secure vital information in php files

Forum Moderators: coopster

Message Too Old, No Replies

How to secure vital information in php files

As you would store mysql user/pass in db.php

scraptoft

11:35 pm on Apr 10, 2007 (gmt 0)

For ease of this topic I will call this file db.php. - I have already had the genius idea of not calling it that.

I was wondering what protection methods people use to prevent the access of db.php - a file which contains vital information such as mysql database information.

It struck me that some clever guy out there could surely download my db.php and read all the information inside it, is this possible?

Does changing CHMODD properties help to protect this file further?

All I have found is that storing the file in a folder above (and not inside) public_html can make it harder but I can't see this being an absolute method.

As my website has had a massive increase in traffic I thought it was about time to tackle this.

Any input is most welcome.

phparion

4:42 am on Apr 11, 2007 (gmt 0)

to store your vital information on a public server is a bad and to store it without any encryption is the worse idea ... anyway, you can throw this file into a folder and chmod and put a htpasswd in it or htaccess to make the folder accessible for authorized users only.

by the way you can put your information within php tags then even if someone opens it in browser he won't be able to see anything BUT remember with PHP-cURL people can access your this file for downloading BUT htaccess will make it hard for them to break in the folder to get it unless they know your password :)