...

View Full Version : including a file from a seperate folder



Morf
01-04-2007, 10:47 AM
Hello.

I'm taking care of a few security things before releasing my site. Right now, I'm working on storing my SQL usernames and passwords in a seperate file. What I've done is create a folder named "admin" which requires http authentication to access. I'm going to store my passwords and such in a file named "info.php" and I'll include the file when I need to log in to run SQL queries.

My problem is that the following include does not work:

include("/admin/info.php");

Is it possible to include from a different folder? If not, what is the most secure way to store my passwords in a seperate file? Please note that I did try the above code both with, and without the http authentication and neither way worked. However, if I place the info.php file in the same directory, it works.

Additionally, I wanted to know what else I can do to keep my site secure, here's what I've done so far:

1. admin and sensitive areas of the site require http authentication
2. All user input is scrubbed and no special characters are allowed.
3. I've modified the SQL user permissions to only allow update/insert/select where necessary, and no user forms have drop, delete, or empty etc permissions.
4. SQL only accepts connections from localhost

So, other than storing my passwords and such in a seperate php script, (which I need the help with) are there any other security measures I can take?

This is my first php site and I'm a tad nervous. :o

Appreciated.

gunman
01-04-2007, 02:30 PM
Try to include file like this include("./admin/info.php");

Morf
01-04-2007, 03:22 PM
Try to include file like this include("./admin/info.php");


Thanks! That works. If I require http authentication to access the admin folder would you consider that a secure setup?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum