Encrypting db.php page?

[quillspirit]

How can I secure my db.php (I have it named something else) page so if somebody finds it, they can't just view source and see the database login information? Is there a way to easily encrypt it? I've heard of Zend, and know it is enabled on my server, but I have NO clue as to how to use it. Please give me some suggestions. Thanks!

[Wintergreen]

Make a PHP page and upload it to your site.  Go to it and view source, you won't see any PHP.  I think the only thing shown is source is what the browser was given to display the page, and since PHP is server side, none of that code is needed by the browser, so it isn't sent. 

[Daniel0]

You could use [url=http://www.zend.com/products/zend_guard]Zend Guard[/url] or [url=http://www.ioncube.com/sa_encoder.php]ionCube PHP Encoder[/url].

[wildteen88]

No one can see the source code of any php file. If you can see the source code (not the output) when you go to view > source code, or when you go to the file itself. Then your server is misconfigured. The only time some will be able to see the source is if they manged to reteive your FTP details and download the file via FTP. Or if your server is configured to show the source code highlighted if you use a .phps extension.

[quillspirit]

Actually I came across a little script somewhere that allows you to enter a .php url into a form, and you can view the unparsed source of any .php page, remotely hosted... it IS possible. Kinda freaked me out when I saw how easy it was. Looks like Zend is my best option, as I can't afford to pay out of pocket for that other one. I just need to figure out how to use it.

[.josh]

you can also put your db.php in a directory below /public_html/ so it is not accessible by anybody but the server.

[quillspirit]

[quote author=Crayon Violent link=topic=107133.msg429418#msg429418 date=1157566730]
you can also put your db.php in a directory below /public_html/ so it is not accessible by anybody but the server.
[/quote]

I've heard of that, but I'm not sure what the new path would be - I call db.php from my header.php, which is located at domain/dir/header.php - the db.php is currently at domain/dir/inc/db.php - so I am using

[code]include('./inc/db.php');[/code]

what would be my new path, if I moved it below /public_html/ ?

../../../../db.php ? I always get so confused when it comes to paths... how many dots and such. Thanks for your help.

[.josh]

okay let's say you have this as a path:

/home/username/public_html/index.php

you could for instance create a directory called functions on the same level as public_html, with your file db.php

/home/username/functions/db.php
/home/username/public_html/index.php

get it so far? okay so in index.php, you would include it like this:

include '/home/username/functions/db.php';

[quillspirit]

EXCELLENT - Awesome, Thank You! That was simple.

One last quick question... what permissions should I have on that directory?

By default, it is 755 - should I change it?