purencool Posted January 24, 2011 Share Posted January 24, 2011 hi phpfreaks, How do I protect the php file that holds the my applications database details any tips would be great Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/ Share on other sites More sharing options...
mike12255 Posted January 24, 2011 Share Posted January 24, 2011 I dont understand what you mean. People cannot see the code that is inside <?php and ?> although for connecting to db and stuff people normally use the include statement and keep that stuff in a seperate file. Go here Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/#findComment-1164196 Share on other sites More sharing options...
jcbones Posted January 24, 2011 Share Posted January 24, 2011 1. Put the file in a separate folder 2. use .htaccess to restrict the folder to `deny from all` .htaccess tips OR, 3. put the file in a folder above the public_html folder. Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/#findComment-1164201 Share on other sites More sharing options...
mike12255 Posted January 24, 2011 Share Posted January 24, 2011 if he did: 2. use .htaccess to restrict the folder to `deny from all` would he still be able to use it via the include function? Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/#findComment-1164202 Share on other sites More sharing options...
purencool Posted January 24, 2011 Author Share Posted January 24, 2011 Sorry I have include file that has an array that holds the following information. <?php $CONNECTION = array( host=>"localhost",database=>"blah",username=>"ast",password=>"q");?> What i am unsure about is how do I protect this file. I might not have to but at this point I am unsure so I am looking for some protection. thanks for your direction so far Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/#findComment-1164211 Share on other sites More sharing options...
jcbones Posted January 24, 2011 Share Posted January 24, 2011 if he did: 2. use .htaccess to restrict the folder to `deny from all` would he still be able to use it via the include function? Yes, it would still be usable for the server, just not by any http request. Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/#findComment-1164221 Share on other sites More sharing options...
fortnox007 Posted January 24, 2011 Share Posted January 24, 2011 some frameworks like joomla, use the following to disallow direct access to certain files. in the index.php they define a variable and in all other files on top they place a check if a variable is defined and else throw an error . Looks a bit like this: in index.php <?php define('blablabla', 1); include('anyfolder/anyfile.php');// include the stuff you want like a config file ?> in any other file that may not be directly accessible <?php defined('blablabla') or die('no direct access'); //or maybe a redirect or other error ?> Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/#findComment-1164236 Share on other sites More sharing options...
Psycho Posted January 24, 2011 Share Posted January 24, 2011 3. put the file in a folder above the public_html folder. That is my preferred approach. Then you never need to worry about a PHP error displaying the contents of the page or accidentally deleting an htaccess file, etc. Link to comment https://forums.phpfreaks.com/topic/225449-how-to-protect-php-file/#findComment-1164246 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.