Had a major problem recently where my web hosting company messed up and all my php files were displayed in plain text. This was a major issue for me for obvious reasons. Mainly because mysql database details were exposed.
I am now trying to change the way in which my php files get the login information for the database so that this will never happen again even if the hosting company fail me.
my current set up looks like this :
include 'info.php';
class Login {
var $host;
var $username;
var $password;
var $db;
var $url;
Inside the info.php is the username, password and so on for the database. I want to make it so that the info.php file can never be viewed and only my .php files are able to access info.php in order to get the login infomation.
How can i set this up? This is a bit of a tricky one for me to explain so please dont be harsh and -1 me for a bad description.. just ask and i will clear up any gaps in my description.
Simply place
info.phpoutside your webroot. This way, you can include it, but should your web hosting f*#$ up, no one else can view that file, even as plain text.You would then include it like this:
include('../info.php');This way, even if someone finds out that you have a file called
info.phpthat stores all your passwords, they cannot point their browser to that file.The above would be the ideal and most watertight solution. However, if that is not possible due to permissions, the other option would be to place all sensitive files in a directory and block direct access to that directory using a
.htaccessfile.In the directory you want to block off access to, place an
.htaccessfile with the following contents:deny from all