View Full Version : how to protect files where constants (such as password) are kept?

09-09-2009, 04:29 PM
i use an include file where i keep my constants (such as mysql password, username, and etc.). how can i protect it from being viewed or downloaded if i deploy it the web?

09-09-2009, 04:55 PM
If it is a PHP file, and if your web server is properly configured, then no one will be able to view the file directly-- it will be parsed by PHP when it is requested.

If it is a plain text file, then you'd better take some steps to secure it from public viewing.

09-09-2009, 05:06 PM
I'd always recommend placing configuration files out side of the document root.

So, if you have uploaded your site to...


Then put your config files in

/var/www/vhsots/mydomain.com/config or something similar