Hello,
I am storing my mysql connection data and other sensitive information in a config file, however I detected an issue that anyone can access that file and view the contents of that file but I don't want to let anyone do that without appropriate permission.
I can encode the content of the config file but how will PHP decode that and get the original value?
Can anyone give me a solution.
Jump to Postif you are on a linux system, you can define the permission for the file as 4-0-0 which only lets the system read the file. Some hosts don't allow 4-0-0 so give it the lowest possible permission. If you are under Windows, there must be an equivalent.
if you are on a linux system, you can define the permission for the file as 4-0-0 which only lets the system read the file. Some hosts don't allow 4-0-0 so give it the lowest possible permission. If you are under Windows, there must be an equivalent.
How will I code it in such a way so that it works in any system?
Together with chrishea suggestion use .htaccess:
order allow,deny
deny from allSave this in the same directory that contains mysql connection data. This will avoid direct access through the browser.
On Windows you can use cacls, it's a command line tool: http://technet.microsoft.com/en-us/library/bb490872.aspx
Configuration php files for your web application must be located outside from web server root domain directory.
Most common directory structure:
/var/domain.com/www - ftp and web server root directory, visible from server-side and client-side(browser), index.php is here
/var/domain.com/include - ftp directory, visible only from server-side, config.php is here
In index.php write:
require_once '/var/domain.com/include/config.php';We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.