Site Security, Best location for connection files

Hi Guys,

I am aware that I have some connection files such as db.php that contain passwords and logins sat in folders on my site. What's the best way of making sure they can't be accessed by hackers? Is it simply a case of chmod 644 on each file?
 
CHMOD 644 should be fine, but the safest way would be to put it OUTSIDE your public_html/htdocs/www (whatever your host calls your main website folder). Just stick it in a folder previous to the place where all your other files are uploaded, that way the only way someone can access the database connection file is by either logging into your account through FTP or hacking the web server.

This might also be useful for general PHP security: http://php.robm.me.uk

Written by our own james.miller

That's definitely a good website for security, I've used it a few times myself :)
 
Code:
Put them in your root (www) directory and chmod them to 777

What, and publish the login and password on the home page as well? ;-)
 
What I do is place config files below the www directory. This means that they can't be viewed from a browser at all. If your FTP access allows it, you can set it up like this:

/home/yoursitename/
/includes/ - Confidential stuff goes in here
/www/ - Website goes in here

Then, just set up your scripts so they access the content that's stored below the www directory. The right chmod permissions are also a good idea generally.
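
An added example, not part of any post in this thread: a small shell audit for the /includes/ plus /www/ layout described above. It reports credential-bearing PHP files still sitting inside www/ and any file left world-writable (the chmod 777 case). The function names and the credential patterns are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Audit an account laid out as in the thread:
#   <home>/includes/  confidential files, outside the web root
#   <home>/www/       files served by the web server
# Directory names follow the thread; the grep patterns are assumptions.

# Print one finding per line: "<TAG> <path>".
audit_site() {
    home=$1
    # 1. PHP files inside the served tree that look like they hold credentials.
    find "$home/www" -type f -name '*.php' 2>/dev/null | sort |
    while IFS= read -r f; do
        if grep -Eqi '(mysqli?_connect|new +PDO|\$(db_?)?(pass(word)?|pwd)[[:space:]]*=)' "$f"; then
            echo "INSIDE_WEBROOT $f"
        fi
    done
    # 2. Files writable by every local user (chmod 777 or 666).
    find "$home" -type f -perm -0002 2>/dev/null | sort |
    while IFS= read -r f; do
        echo "WORLD_WRITABLE $f"
    done
}

# Constructed sample tree: one config left under www/, one file at 777.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/includes" "$d/www/admin"
    printf '<?php $db_password = "example"; ?>\n' > "$d/www/admin/db.php"
    printf '<?php require dirname(__DIR__) . "/includes/db.php"; ?>\n' > "$d/www/index.php"
    printf '<?php $db_password = "example"; ?>\n' > "$d/includes/db.php"
    chmod 644 "$d/www/admin/db.php" "$d/www/index.php"
    chmod 777 "$d/includes/db.php"
    echo "$d"
}

# Demo run on the constructed tree.
sample=$(make_sample)
audit_site "$sample"
rm -rf "$sample"
```

A clean account prints nothing; www/index.php is not flagged because it only includes the config from outside the web root.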
 