Bigfunkychief Posted September 29, 2010

Hello - I have usually run my own servers, and always drop my .php files with MYSQL connection strings in a directory like /var, with webroot being /var/www/mysite. I now find myself in a shared hosting environment for a client and am wondering about the safety of my connection string .php files. Unfortunately they are sitting in a folder in the root of my hosting directory right now, and they feel vulnerable. It seems the only thing I could do would be to put the root of my hosting into a subdirectory, point the site there, and then put my connection strings one directory back. But it seems the problem is they are still in my shared hosting. What's the best way to secure this type of sensitive info in a shared environment? I'm also getting ready to explore credit card processing via an API, and wondering if shared hosting is even worth it. Thanks!!

yaMz Posted September 29, 2010

Only the server & ftp can read php files. Also to answer your security needs: SSL

meltingpoint Posted September 29, 2010

I am on a shared hosting server also. If yours allows, put sensitive files outside the public_html folder so that they are not in the root of your site. Then call the sensitive data from that folder via a script. I use flat files and this is the way I store them. That way, if someone gets by the .htaccess and is allowed to see my public_html directory tree, any and all sensitive files are not open to view. Some hosting does not allow you access to anything above public_html though. And as suggested, SSL is a must in my opinion. Cheers

Bigfunkychief Posted October 3, 2010

Thanks for the help. Good advice on both posts - what I did specifically for this GoDaddy Shared hosting was to:

1. Enable SSH access
2. Set up SFTP (good practice anyways)
3. That gave me access to the subfolders in my FTP client, and then I could put my db connect strings in a subfolder out of the HTML folder.

Thanks!
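
The approach the posts above settle on (keep the connection settings outside the web-served folder and pull them in from a script), as an added PHP example that is not part of the original thread. The directory layout, the `load_private_config` helper and the sample credentials are constructed for illustration, and the permission check assumes PHP runs as the hosting account's own user.

```php
<?php
declare(strict_types=1);
// Hypothetical helper: load DB settings only from a file kept outside the web root.
function load_private_config(string $configPath, string $docRoot): array
{
    $config = realpath($configPath);   // resolves symlinks and ".."
    $root   = realpath($docRoot);
    if ($config === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // Reject a file that resolves to somewhere under the document root.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($config, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('config file is inside the document root');
    }
    // Shared hosts put many accounts on one filesystem: reject "other" read/write.
    // Assumes PHP runs as the account's own user, so mode 0600 is enough.
    $perms = fileperms($config);
    if ($perms === false || ($perms & 0006) !== 0) {
        throw new RuntimeException('config file is accessible to other users');
    }
    $settings = require $config;       // the file must "return [...]"
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!is_array($settings) || !isset($settings[$key])) {
            throw new RuntimeException("config is missing '$key'");
        }
    }
    return $settings;
}

// Constructed demo layout in a temp directory (not a real hosting account).
$base = sys_get_temp_dir() . '/cfgdemo_' . bin2hex(random_bytes(4));
mkdir("$base/public_html", 0755, true);
mkdir("$base/private", 0700);
$file = "$base/private/db.php";
file_put_contents($file, "<?php return ['host' => 'localhost', 'user' => 'app', "
    . "'pass' => 'example-only', 'name' => 'appdb'];");
chmod($file, 0600);

$db = load_private_config($file, "$base/public_html");
echo "loaded settings for database {$db['name']}\n";

// The same file copied under the web root is refused.
copy($file, "$base/public_html/db.php");
try {
    load_private_config("$base/public_html/db.php", "$base/public_html");
} catch (RuntimeException $e) {
    echo 'refused: ' . $e->getMessage() . "\n";
}
```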