Where do I put 'secure' include file?

mflynn

Hi!

I'm new to this forum and couldn't seem to find an answer I was looking for elsewhere, so I'm interested if you have an answer.

I'm new to the web but have done a good bit of reading and research on the subject of PHP and MySQL. I know a site can not be 100% secure, but I'm striving for as much security as possible.

To start, I've read a lot about how the following code should not be in the root (common_db.inc):

<?php
$dbhost = 'localhost';
$dbusername = 'username';
$dbuserpassword = 'userpassword';
$default_dbname = 'dbName';
?>

However, it is never said where it should go. Additionally, I have tried putting it in other places but can not include it using the include function.

So I guess my question is two fold. First, where should or can I put this file with database connection info where it is difficult to access without the proper permissions? And second, how could I use the include to access this secure information?

Many Thanks.
-M

nnichols

I always store db connection details outside of the web tree so it cannot be accessed directly. If you are unable to do this you should store it in an htaccess protected folder.

One extra little bit if protection is to check to see if the script is being accessed directly or being included in another script.