Shared hosting and security

[Bigfunkychief]

Hello - I have usually run my own servers, and always drop my .php files with MYSQL connection strings in a directory like /var, with webroot being /var/www/mysite.

 

I now find myself in a shared hosting environment for a client and wondering the safety of my connection string .php files.  Unfortunately they are sitting in a folder in the root of my hosting directory right now, and they feel vulnerable.

 

It seems the only thing I could do would be to put the root of my hosting into a subdirectory, point the site there, and then put my connection strings on directory back.  But seems the problem is they are still in my shared hosting.

 

What's the best way to secure this type of sensitive info in a shared environment?  I'm also getting ready to explore credit card processing via an API, and wondering if shared hosting is even worth it.

 

Thanks!!

[yaMz]

Only the server & ftp can read php files.

 

Also to answer your security needs: SSL

[meltingpoint]

I am on a shared hosting server also.  If yours allows, put sensitive files outside the public_html folder so that it is not in the root of your site.  Then call the sensitive data from that folder via a script.  I use flat files and this is the way I store them.  That way, if someone gets by the .htaccess and is allowed to see my public_html directory tree- any and all sensitive files are not open to view.

 

Some hosting does not allow you access to any thing above public_html though.

 

And as suggested- ssl is a must in my opinion.

 

Cheers

[Bigfunkychief]

Thanks for the help.  Good advice on both posts - what I did specifically for this GoDaddy Shared hosting was to:

1.  Enable SSH access

2.  Setup SFTP (good practice anyways)

3.  That gave me access to the subfolders in my FTP client, and then I could put my db connect strings in a subfolder out of the HTML folder.

 

Thanks!