misheck Posted December 18, 2009 Share Posted December 18, 2009 I have just completed my very first php & mysql website after 1 1/2 years of trying to get into website development. Now what I need to do is to upload it to my website host but I am not sure where to keep my config.php file because this where I have all my database connections passwords etc. In my studies I have heard I am suppose to keep that file in htaccess protected folder but I am not 100% sure on all that. Can some please advise what precautions I should take when uploading my first website. Quote Link to comment Share on other sites More sharing options...
oni-kun Posted December 18, 2009 Share Posted December 18, 2009 PHP is a serverside language, meaning anything within the PHP files (save for output) Cannot be viewed by the user. Database passwords can be stored directly or via an include (usually a common practise) but there is no security risk involved with either way. The only possible way to view them is through an exploit on a poorly programmed script (SQL/path injection) or via FTP. I'd recommend you read up on common security practises revolving around sanitizing input from the user. mysql_real_escape_string -- Some security methods, quite handy Quote Link to comment Share on other sites More sharing options...
misheck Posted December 18, 2009 Author Share Posted December 18, 2009 Thanks I have already made an includes folder to make things easier for me when I upload my website. Quote Link to comment Share on other sites More sharing options...
emopoops Posted December 18, 2009 Share Posted December 18, 2009 make sure to keep all ur php in a protected folder! Quote Link to comment Share on other sites More sharing options...
oni-kun Posted December 18, 2009 Share Posted December 18, 2009 make sure to keep all ur php in a protected folder! This makes no sense. But yeah, creating a clean and simple infrastructure for your code is essential for later on. If you need any help with whatever just ask. Quote Link to comment Share on other sites More sharing options...
japesu Posted December 18, 2009 Share Posted December 18, 2009 For one step towards better security it is sometimes recommended that you put your code outside of your web folder and include from there (the code that needs better security, passwords and so on). For example in unix/linux systems you could make "../home/php_application/inc" folder and put your includes there that you want to "hide". I've found this to be less convinient to update etc so I haven't used this method a lot with my applications. But if you need more security this is something you can do. Quote Link to comment Share on other sites More sharing options...
emopoops Posted December 18, 2009 Share Posted December 18, 2009 i was joking. but anyways so noone can acess or "run the php script" if u put them where? my tree looks like this: socialemo.com/htdocs/index.php(main page of my site visible to all- kind of) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.