codeboy89 Posted October 28, 2009 Share Posted October 28, 2009 In my PHP pages I use the following for my DB info: include('dbconnect.php'); If someone was to type the direct path to this file they get a blank page, would it be better to somehow prevent access to this file completely or is it fine the way it is? Quote Link to comment https://forums.phpfreaks.com/topic/179373-prevent-direct-access/ Share on other sites More sharing options...
nadeemshafi9 Posted October 28, 2009 Share Posted October 28, 2009 as long as it dosent take any paramiters and is permissioned 0655 you are ok Quote Link to comment https://forums.phpfreaks.com/topic/179373-prevent-direct-access/#findComment-946441 Share on other sites More sharing options...
PFMaBiSmAd Posted October 28, 2009 Share Posted October 28, 2009 Every http request that is serviced takes some server resources and invoking the php language engine to parse the file requires even more resources. It is customary to put php include files into a folder that is outside (closer to the disk root) of your document root folder so that no one can make a http request for the files or if that option is not available to you, put them into a folder inside your document root folder but also put a .htaccess file (Apache only) into the folder that prevents (Deny) http requests to all the files in that folder. Quote Link to comment https://forums.phpfreaks.com/topic/179373-prevent-direct-access/#findComment-946449 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.