[SOLVED] DB Connection file security..

[chelnov63]

I am using shared SSL space on a web server.. therefore due to it being shared i cannot keep my database connection file outside in a directory at a level higher than the root directory... therefore someone theoretically could type in www.abc.com/dbconnection.php

 

I was just wondering how unsecure is this ?.. and given the above limitations..is there anything I can do to security wise to make it more secure?

 

thanks in advance..

 

 

[MasterACE14]

what is in dbconnection.php ? just connecting to your database or is there more? If it is just connecting to the database and is included on other pages then there is not much that can be done to it anyway.

[chelnov63]

its simply database connection info:

 

e.g

 

<?php
    
error_reporting(0);


	$dbhost = "xxx";
	$dbusername = "xxx";
	$dbpassword = "xxx";
	$db = "xxx";


$conn = mysql_connect($dbhost, $dbusername, $dbpassword) or die("could not connect to server");
$select_db = mysql_select_db($db,$conn);
?>

 

I was just wondering how safe this is from hackers.. maybe they have a way to view the php code etc.. and it is recommended that db info is kept outside of root (so there must be some reason, I'm guessing)..

 

thanks for your help

 

[MasterACE14]

nah that is pretty safe on it's own. As there is no input into the script.

[chelnov63]

cool!! thanks for the help mate!!! appreciate it

[MasterACE14]

no worries, any time.

[PFMaBiSmAd]

theoretically could type in www.abc.com/dbconnection.php

No theory is necessary, why don't you just try that and see what exactly you do get in your browser. You only get output that your code sends. As long as your usrname/password is in the form of php code in the file, it cannot be seen.