I was wondering if I could clarify some recent information I have found on the internet regarding PHP security. I'm a self-taught PHP/MySQL amateur and therefore have a very sketchy knowledge base of the coding. lol
I'm currently developing a website and would obviously like to ensure it's as secure as possible from malicious activity and attacks...
My first question is regarding the PUBLIC_HTML folder and the use of PHP scripts and MySQL.
Am I correct in saying that any file within the public_html folder is basically open to attackers? For example... say I have a registration script where members can register on my site.
The register.php file is the actual form that members fill.
The register_proceed.php file is the actual PHP code that checks, inserts and accesses the MySQL database.
If I place both these files in the public HTML file then they are potentially at risk from being hacked, right?
However... am I right in saying, and is it possible, to for example set up a folder called register_inc at the public_html level of my server and then place the register_proceed.php file in this directory so that it's not visible to the domain?
What exactly would this achieve in terms of security? Does this mean that no one can hack that script and that it can happily proceed to register the member?
Should this be done with all files that process my scripts and change my MySQL database?
Is this as easy as sending the form data to the register directory outside the public html folder and then it sending the confirmation back or is it much more complicated?
My second question is regarding cron jobs!
If I set up a cron job on my server it seems I have to insert the database connection details to allow it to work!
Are there any security loops that setting up cron jobs may cause?
I would really appreciate any feedback on this matter as now I am really interested in finding out all I can (in an easy to understand way) about website security! :OD