Home/ Questions/Q 1103767
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T01:23:13+00:00

I am always reading that you should always store your database credentials outside of

  • 0

I am always reading that you should always store your database credentials outside of your document root because normally you would have them set to db.inc or something similar.

I can understand this and naturally it makes perfect sense.

What I don’t understand is why you are making the file into one that you either need to set apache to hide or you need to put it into a secure location in the first place.

What is the issue with making it, say db.php – Then apache knows to execute the script first and return the output (which would presumably be blank in most cases).

Maybe I am being dumb and missing an inherent security flaw but is there any issues with just storing your details in a .php file? I mean WordPress and other major open source PHP applications manage to get away with it, but is this because they can’t make their script talk to folders outside of www or because it is just as secure as any other method?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Maybe I am being dumb and missing an inherent security flaw but is there any issues with just storing your details in a .php file?

    A tiny slip up in the configuration of Apache, and the file starts being served raw instead of being processed by the PHP engine.

    I mean WordPress and other major open source PHP applications manage to get away with it, but is this because they can’t make their script talk to folders outside of www or because it is just as secure as any other method?

    They accept increased risk for increased convenience.

    • 0