Hiding DB connection

dgrinberg

Just a quick one, hopefully there is a quick answer.

I do not want anybody to be able to download my PHP files and includes and see the username and password to my DB.

I am currently using MySQL, and all connection and error handling is done in an include but someone could still download the file and find it.

How do I hide the DB connection string?

ziong

my answer: make the script can't be downloaded

i wanna to ask a question.
why anybody can download your script?
Usually u can't read the script source, can u get the source of this page (www.phpbuilder.com/forum/read.php3)?

Anon

Normally server side scripting languages like PHP and Perl doesn't make their source easily available unless your web server is misconfigured. For example, if its set up with improperly defined MIME types then its possible that users may unwittingly download the source code to your scripts.

To avoid this, you may want to look into setting read/write/execute permissions on the files themselves especially if the files are only meant for a select few then you can probably set them with r--r---- permissions. (read owner, read group, no access anybody)

Another thing that you can do is to give your DB source file definitions obscure names. That may help. Finally you should disable directory listings in your webserver by either include an index.html that redirects any access to the directory to your main page or consulting your Webserver manual for assistance on this area.