Home > Archive > PHP Language > March 2004 > include file with sensitive info
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
include file with sensitive info
|
|
|
| I have a site which uses an include file that contains the database name,
username, password to a mysql database. I use it as an include to numerous
php pages on my site
I am concerned that someone can just pull this file off of my site. However,
if I change permissions for his file, my php pages that include this file
fail..." main(gg.inc): failed to open stream: Permission denied in ..."
How typically do you guys handle such a thing? Putting the datyabase access
info into a file which is included. How can I now have that included file
not be accessible by the public? Thanks. Ike
| |
|
| Ike wrote:
| I have a site which uses an include file that contains the database
| name, username, password to a mysql database. I use it as an include
| to numerous php pages on my site
|
| I am concerned that someone can just pull this file off of my site.
| However, if I change permissions for his file, my php pages that
| include this file fail..." main(gg.inc): failed to open stream:
| Permission denied in ..."
|
| How typically do you guys handle such a thing? Putting the datyabase
| access info into a file which is included. How can I now have that
| included file not be accessible by the public? Thanks. Ike
First, your included files should end in .php (not .inc)
Then, the only way that these *.php files could be exposed to a users
browser is if PHP stopped working on your host.
Next, move your sensitive file(s) outside of the publicly accessible web
directory. How you do this will depend on what your hosts setup is like. Ask
them for this info.
It's probably something like:
root/your_website/
root/includes/
Then just adjust your path to the file you want to include each time.
--
Tony
| |
|
| Put this file in a non accessible folder, like if you website root directory
is /home/user1/public_html/, you can put the file in /home/user1/includes/
Or use .htaccess and put an instruction so nobody can view it contents
deny from all
Savut
"Ike" <rxv@hotmail.com> wrote in message
news:mg0ac.5987$Dv2.883@newsread2.news.pas.earthlink.net...
>I have a site which uses an include file that contains the database name,
> username, password to a mysql database. I use it as an include to numerous
> php pages on my site
>
> I am concerned that someone can just pull this file off of my site.
> However,
> if I change permissions for his file, my php pages that include this file
> fail..." main(gg.inc): failed to open stream: Permission denied in ..."
>
> How typically do you guys handle such a thing? Putting the datyabase
> access
> info into a file which is included. How can I now have that included file
> not be accessible by the public? Thanks. Ike
>
>
| |
|
| Continue ...
Myself I prefer the second solution as It's more secure.
Savut
"Savut" <webki@hotmail.com> wrote in message
news:YM0ac.12181$1A6.544644@news20.bellglobal.com...
> Put this file in a non accessible folder, like if you website root
> directory is /home/user1/public_html/, you can put the file in
> /home/user1/includes/
>
> Or use .htaccess and put an instruction so nobody can view it contents
> deny from all
>
> Savut
>
> "Ike" <rxv@hotmail.com> wrote in message
> news:mg0ac.5987$Dv2.883@newsread2.news.pas.earthlink.net...
>
| |
|
| Any idea what the entry would be that you would put in .htaccess ? Thanks,
Ike
"Savut" <webki@hotmail.com> wrote in message
news:JN0ac.12196$1A6.544932@news20.bellglobal.com...
> Continue ...
>
> Myself I prefer the second solution as It's more secure.
>
> Savut
>
> "Savut" <webki@hotmail.com> wrote in message
> news:YM0ac.12181$1A6.544644@news20.bellglobal.com...
name,[color=darkred]
file[color=darkred]
file[color=darkred]
>
| |
| Colin McKinnon 2004-03-30, 5:34 pm |
| Savut spilled the following:
> Continue ...
>
> Myself I prefer the second solution as It's more secure.
>
How so?
C.
| |
|
| deny from all
:D
Savut
"Ike" <rxv@hotmail.com> wrote in message
news:eg5ac.6927$Dv2.5549@newsread2.news.pas.earthlink.net...
> Any idea what the entry would be that you would put in .htaccess ? Thanks,
> Ike
>
> "Savut" <webki@hotmail.com> wrote in message
> news:JN0ac.12196$1A6.544932@news20.bellglobal.com...
> name,
> file
> file
>
>
|
|
|
|
|