Is putting private Database passwords in a php file safe?


lpeek
04-25-2008, 04:39 PM
Hey!

Basically... as the title of this thread states.. I want to know of the security in php files...

Lots of forum installations like phpBB and the like require you to type your MySQL database username/password etc. in a php file such as db.php

I'm going to be using this same method to connect in a site I'm creating and I'm basically just wondering how secure it actually is? Is there any way users can download this db.php file? Or do I have no worries about simply typing away my SQL information in a php file?

Regards!

:eek:

abduraooft
04-25-2008, 04:43 PM
PHP part will be parsed at server side and nothing would be displayed unless you echo something there. Thus, no way to see the content. And I think you can prevent the access to this file by htaccess rules (just like server blocks an htaccess file), but I believe this is not required.

aedrin
04-25-2008, 04:43 PM
If this is your password file:


<?php
$username = 'dbuser';
$password = '12345';
?>


When the user downloads it, they will get an empty file.

lpeek
04-25-2008, 04:45 PM
Ah great, thanks :)
Just what I needed to know!

Cheers! :)

ralph l mayo
04-25-2008, 08:09 PM
The passwords are generally OK if they're in a PHP file outside of your document root.

Sometimes there are hiccups and misconfigurations and PHP in the document root gets served as uninterpreted plain text. This happened with Facebook a while ago but it didn't really expose anything because the index files mostly just tied together includes from outside the document root.
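
The layout described in the last post, as an added example that is not part of the original thread: a loader that accepts the credentials file only when it resolves to a path outside the document root. The names `is_inside()` and `load_db_config()`, the `public`/`private` directory layout and the array keys are assumptions made for illustration, and the demo files are constructed in a temporary directory.

```php
<?php
// Added example: hypothetical helper names, constructed demo layout.

// True when $path is $dir itself or lies somewhere beneath it.
function is_inside(string $path, string $dir): bool
{
    $dir = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path . DIRECTORY_SEPARATOR, $dir, strlen($dir)) === 0;
}

function load_db_config(string $configFile, string $docRoot): array
{
    $real = realpath($configFile);   // resolves symlinks and ../ segments
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    if (is_inside($real, $root)) {
        // If PHP ever stops being interpreted, this file would be served as text.
        throw new RuntimeException("refusing config inside document root: $real");
    }
    $config = require $real;         // the file must `return [...]`
    if (!is_array($config) || !isset($config['username'], $config['password'])) {
        throw new RuntimeException('config must return username and password');
    }
    return $config;
}

// Constructed demo: <tmp>/public plays the document root, <tmp>/private does not.
$base = sys_get_temp_dir() . '/site_' . uniqid();
mkdir("$base/public", 0700, true);
mkdir("$base/private", 0700, true);
$body = "<?php\nreturn ['username' => 'dbuser', 'password' => '12345'];\n";
file_put_contents("$base/private/db.php", $body);
file_put_contents("$base/public/db.php", $body);

$cfg = load_db_config("$base/private/db.php", "$base/public");
echo "loaded credentials for {$cfg['username']}\n";

try {
    load_db_config("$base/public/db.php", "$base/public");
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

In a real site the second argument would typically be `$_SERVER['DOCUMENT_ROOT']`, and only the small including script lives under the document root.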