Using .htaccess to deny access to a file

[Bassking]

I have a script located in http://www.mysite.com/script/, that reads the content of a xml configuration file, placed in the same directory. "config.xml" it's a configuration files of vital importance for the script to work properly. It contains user and password of the mysql database, and other important informations too, that shoul be visible ONLY to the script. The problem is that config.xml is readable by everybody by typing http://www.mysite.com/script/config.xml in the browser. So, I need to protect it, and I've thought to do it using .htaccess. I've created a .htaccess file in the folder, and this is his content:

 

<Files config.xml>

order allow,deny

deny from all

</Files>

 

Now, the result is that the file is inaccessible to all, INCLUDING THE SCRIPT, that doesn't work anymore. Is there a way to make the file readable only by the script? Even without using .htaccess. This is driving me crazy. Thanks in advance for your answers.

[PFMaBiSmAd]

You should be reading or including the file using a file system path and not a URL.

 

Using a URL causes your web server to make a separate http request back to your web server to fetch the contents of the file. This takes about 100 times longer than if you read the file through the file system.