I recently signed up with a free hosting provider(apache, mysql, php). When I login through ftp, I go to my root directory which is web accessible. So where do I hide the files that I don't want to be accessed through the web? Such as database connection files, user uploaded files, etc. Are all hosting services the same? Or do some of them give access to directories that are not web accessible? This first I am trying put an actual website up so I would appreciate any help. Thanks.

there is usually a folder outside of the web directory called private, if you dont have that then use this link to learn .htaccess http://www.javascriptkit.com/howto/htaccess.shtml
it will help you because you can stick all of your sensitive information within a folder and make it unaccessable from the web

Thanks. I will read it.

Hmm.. the direction says to protect directories with .htacces and save the password file in a directory above the web tree. Thats exactly what I can't do. Do you think making the password file 644 is will? Will it be enough?

the password file is just if you want to access the protected directory manually (through typing the address to it) at any time, if you dont want to access the protected directory in that manner then you don't need to worry and yes it is enough if you do

If you want to protect the content of your directory use .htaccess with .htpass files. If you want only to hide your folder's content you can create a blank index.html file and put in every directory you want.

the only problem of just putting a blank index.html file there is that the other files can still be accessed by a bot or an offline downloader like snake

If I understand you correctly, I should create a htaccess protected directory but I should not create a password file for it. This way it will be impossible to directlyaccess the content through a browser. BRILLIANT!
However, the content will be accessible by other scripts that are running outside of the htaccess directory. This way I can give access to the contents to the admins through secured forms/pages. Did I understand it correctly?

Yes, am trying to PROTECT the content. I want to be able to securely upload files. I am also trying to protect database connection info.

This question has already been answered. Start a new discussion instead.