Home/ Questions/Q 8446585
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T09:58:27+00:00

I have seen many recent php script open-source applications ( forums, cms, etc) for

  • 0

I have seen many recent php script open-source applications ( forums, cms, etc) for which the database info is stored in a separate php file but (unfortunately) inside the webroot. Now I am about to make a choice as to what script to go for, and therefore need to know how this neglect wold affect the security of my db?
In fact I don’t know how much, and what way, we could improve the security of our d by just moving the dbconfig.php to a separate directory?

I have already looked at this thread too:How to secure database passwords in PHP?

Okay, just now I found this thread mysql/php is this a secure way to connect to mysql DBand would like to make my question even more clear:
which one of these places is more secure to keep my dbconfig.php and why?

 1./dbconfig.php 
 2./public_html/dbconfig.php
 3./public_html/includes/dbconfig.php

suppose that the file index file is located here (I guess is referred aswebroot):

/public_html/index.php ( which first needs to include the dbconfig.php)
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In fact I don’t know how much, and what way, we could improve the
    security of our d by just moving the dbconfig.php to a separate
    directory?

    You have two basic tools to improve security. Simplifying things a little bit . . .

    1. Location. Moving it outside the web root makes it harder for others to get to. If they’re coming into your server over http, they’re not likely to be able to access anything below the web root. (But if they have shell access to your account, you’ve lost the battle. Secure shell and good passwords are your friends.)
    2. Permissions. That file should have the tightest permissions possible. In my case, it’s not readable by anyone but the owner. (chmod 600, for example.)
    • 0