Which is more secure?

versatilewt

OK, I've been reading up on security and I know some basics, but I want to know which would be more secure:

storing files in a SSL directory
storing files outside the public web tree
storing info in a mySQL database (using php files in a ssl directory)

I want to do the mySQL because it is the easiest for me. However, there is some rather sensitive data that I need to protect. I will be using php sessions in a mysql database to authenticate users.

eoghain

It all depends on what you are doing, and what other measures you put into place.

storing files outside the public web tree - this is your best most secure method.

storing info in a mySQL database (using php files in a ssl directory) - this is second best, but can be just as good as the above as long as you secure your database properly.

storing files in a SSL directory - this isn't secure at all. Using SSL to transmit your sensitive data to/from the user is good, but you need to store it more securely that this.

AstroTeg

I would agree. Storing files is what the file system is good at. Storing files is not really what a database engine was designed for.

As mentioned, SSL is just a secure way to transfer data from point A to point B. Not a way to store it on the server. Now regardless of how you store your file on your server, having SSL will make your entire web app and data more secure when transferred.