Possible Duplicate:
Putting core classes above the web root – good or bad idea?
I keep reading that it’s a best practice to put MySQL connection credentials (whether it’s a class, defines, etc.) outside of the web root (above the www folder).
Why is this? If the credentials are in a .php file then it doesn’t matter if the file is accessible through the browser, right?
It’s a preventative measure. If someone accidentally disables PHP evaluation in your Apache server or changes an Apache setting in an .htaccess file, the file could be served up like any plain text file. Or, if you accidentally forget a PHP start tag, it would be rendered like plain text. Not that you’d make such a dumb mistake, but maybe a future newbie working on your code might make a mistake.
Why leave a possible vector open when you can prevent it from ever being possible? Just take the advice of others who have shot their own foot (or like me, shot both feet and a hand) and move the credentials outside your docroot.
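The two failure modes described in the answer above can be checked for before they bite. The following is an added example, not part of the original post: a small Python audit that walks a docroot and flags PHP files that hold credential-like code, and separately those where that code sits before any `<?php` tag and would be sent to the browser even with PHP working. The regex heuristics, the finding labels and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".inc"}
# Heuristic credential patterns (assumption: tune these for your own code base).
CRED_RE = re.compile("|".join([
    r"define\s*\(\s*['\"]\w*(?:pass|pwd|secret)\w*['\"]",  # define('DB_PASSWORD', ...
    r"\$\w*(?:pass|pwd|secret)\w*\s*=",                    # $db_pass = ...
    r"\bmysqli?_connect\s*\(",                             # inline connection call
    r"\bnew\s+(?:mysqli|PDO)\s*\(",
]), re.IGNORECASE)

def audit_docroot(docroot):
    """Return {relative_path: [findings]} for PHP files under docroot."""
    root, findings = Path(docroot), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if not CRED_RE.search(text):
            continue
        # Exposed as soon as the server stops handing this file to PHP.
        issues = ["credentials-in-docroot"]
        # Anything before the first "<?php" is output verbatim by PHP itself.
        # Only the long open tag is counted here (short tags may be disabled).
        first_tag = text.find("<?php")
        head = text if first_tag == -1 else text[:first_tag]
        if CRED_RE.search(head):
            issues.append("credentials-outside-php-tag")
        findings[str(path.relative_to(root))] = issues
    return findings

def demo():
    """Build a constructed sample site in a temp dir and audit its docroot."""
    with tempfile.TemporaryDirectory() as tmp:
        www, config = Path(tmp, "www"), Path(tmp, "config")
        www.mkdir()
        config.mkdir()
        # Recommended layout: credentials live above the docroot.
        (config / "db.php").write_text("<?php $db_pass = 'example-only';\n")
        (www / "index.php").write_text(
            "<?php require dirname(__DIR__) . '/config/db.php'; echo 'ok';\n")
        # Credentials inside the docroot.
        (www / "db.php").write_text(
            "<?php $db_pass = 'example-only';\n"
            "$link = mysqli_connect('localhost', 'app', $db_pass);\n")
        # Forgotten start tag: the whole file is plain text to the client.
        (www / "legacy.inc.php").write_text("define('DB_PASSWORD', 'example-only');\n")
        return audit_docroot(www)

if __name__ == "__main__":
    print(demo())
```

Only `index.php` comes back clean, because the file it loads lives in `config/`, which the web server never maps to a URL.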