purencool Posted January 24, 2011 Share Posted January 24, 2011 hi phpfreaks, How do I protect the php file that holds the my applications database details any tips would be great Quote Link to comment Share on other sites More sharing options...
mike12255 Posted January 24, 2011 Share Posted January 24, 2011 I dont understand what you mean. People cannot see the code that is inside <?php and ?> although for connecting to db and stuff people normally use the include statement and keep that stuff in a seperate file. Go here Quote Link to comment Share on other sites More sharing options...
jcbones Posted January 24, 2011 Share Posted January 24, 2011 1. Put the file in a separate folder 2. use .htaccess to restrict the folder to `deny from all` .htaccess tips OR, 3. put the file in a folder above the public_html folder. Quote Link to comment Share on other sites More sharing options...
mike12255 Posted January 24, 2011 Share Posted January 24, 2011 if he did: 2. use .htaccess to restrict the folder to `deny from all` would he still be able to use it via the include function? Quote Link to comment Share on other sites More sharing options...
purencool Posted January 24, 2011 Author Share Posted January 24, 2011 Sorry I have include file that has an array that holds the following information. <?php $CONNECTION = array( host=>"localhost",database=>"blah",username=>"ast",password=>"q");?> What i am unsure about is how do I protect this file. I might not have to but at this point I am unsure so I am looking for some protection. thanks for your direction so far Quote Link to comment Share on other sites More sharing options...
jcbones Posted January 24, 2011 Share Posted January 24, 2011 if he did: 2. use .htaccess to restrict the folder to `deny from all` would he still be able to use it via the include function? Yes, it would still be usable for the server, just not by any http request. Quote Link to comment Share on other sites More sharing options...
fortnox007 Posted January 24, 2011 Share Posted January 24, 2011 some frameworks like joomla, use the following to disallow direct access to certain files. in the index.php they define a variable and in all other files on top they place a check if a variable is defined and else throw an error . Looks a bit like this: in index.php <?php define('blablabla', 1); include('anyfolder/anyfile.php');// include the stuff you want like a config file ?> in any other file that may not be directly accessible <?php defined('blablabla') or die('no direct access'); //or maybe a redirect or other error ?> Quote Link to comment Share on other sites More sharing options...
Psycho Posted January 24, 2011 Share Posted January 24, 2011 3. put the file in a folder above the public_html folder. That is my preferred approach. Then you never need to worry about a PHP error displaying the contents of the page or accidentally deleting an htaccess file, etc. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.