I am storing my mysql connection data and other sensitive information in a config file, however I detected an issue that anyone can access that file and view the contents of that file but I don't want to let anyone do that without appropriate permission.

I can encode the content of the config file but how will PHP decode that and get the original value?

Can anyone give me a solution.

6 Years
Discussion Span
Last Post by eXpertPHP

if you are on a linux system, you can define the permission for the file as 4-0-0 which only lets the system read the file. Some hosts don't allow 4-0-0 so give it the lowest possible permission. If you are under Windows, there must be an equivalent.

Votes + Comments
Thanks for the hint

How will I code it in such a way so that it works in any system?


Configuration php files for your web application must be located outside from web server root domain directory.

Most common directory structure:
/var/domain.com/www - ftp and web server root directory, visible from server-side and client-side(browser), index.php is here
/var/domain.com/include - ftp directory, visible only from server-side, config.php is here

In index.php write:

require_once '/var/domain.com/include/config.php';

Edited by eXpertPHP: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.