Secure location for PHP files?

[sorenchr]

Hi, im currently developing a login system for my webpage. Recently i read a tutorial that stated that all php pages, containing sensitive code, should not be placed in the webserver root(Im on a shared webhost). So would a secure solution be, to place my login-process.php(handles the entered form data) inside a folder called "login" for example?

[xtopolis]

Primarily they mean a non www accessible directory.  You can change the CHMOD the directories from most FTP clients.

[sorenchr]

Primarily they mean a non www accessible directory.  You can change the CHMOD the directories from most FTP clients.

 

Is there a guide or tutorial to do this somewhere? I have absolutely no knowledge to CHMOD.

[sorenchr]

Oh wait, im using Filezilla, and when i right click on a directory and select "File attributes...", i can set some options for that particular directory. Seems like i can change owner, group and public permissions (write, execute and read), and i can assign a numeric value to that directory, is this what you are talking about?

[xtopolis]

Yes.  Owner will be the server hosting your site usually.

 

If you remove Group and Public permissions, it should come out to 700.  Then you can try to access it by going to http://www.yoursite.com/yourfile.ext  and you should not be able to access it.

 

There are tutorials, just google it.  CHMOD, web file permissions, etc etc

[sorenchr]

Alright, it makes sense now, thanks for your help.