Include() and Require() security

Namadoor

Hi,

With most of the programs I write I have a file called vars.php which contains 4 varibles: A MySQL username, password, host, and database. I have the varibles between <?PHP ?> tags, and with a .php extension, so people can not view the varibles. I then use Require(vars.php) to get them when I need to connect to MySQL. My question is, how do you stop other people from using Include(www.mydomain.com/vars.php) or Require(www.mydomain.com/vars.php) and using the varibles to hack my MySQL database?

LordShryku

Best bet is to put the file outside of your document root. Then they'd need system level access to get it.