Database Security Concerns

Oztracker

I curently keep all my MySQL login information in one file, called db.php, and I access it from my PHP documents using an include statement. My concerns are that anybody with a program that can open a URL (such as many HTML editors) could track down my MySQL login information and wreak havoc on my database. Is there a way to prevent this?

bubblenut

htaccess, have a read up in your webserver documentation. Or you could just store the database access file completely outside of your web root and then you wouldn't need the htaccess.
HTH
Bubble

Oztracker

Thanks, that works. I just used htaccess.