Home/ Questions/Q 6105841
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T14:00:55+00:00

After reading through an article on a site, I became really worried for my

  • 0

After reading through an article on a site, I became really worried for my own server’s security…

Inside a PHP file, which is later on included on all my main php pages that get showed to users, my username and password (used all over my website – server root, mysql root etc) are inserted in plain text… is there anything to worry about? can anyone read the php file (like download it and read it instead of having the server execute it)?

Is there any risk of having my username and password stolen? they are simple text fields giving values to variables.

If so, is there any solution that you would suggest? like a crypto engine? or something?

Thanks in advance!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Store your configuration file containing usernames and passwords outside of your publicly-accessible root folder.

    For example, if your root folder is /home/username/public_html/ then store the config file in /home/username/.

    You can still include the config file in your PHP scripts running in public_html but should anything go awry (i.e. your web server starts printing PHP script contents rather than processing scripts) then your usernames and passwords should still be safe.

    • 0