how do I hide database connection files using PHP include files?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • NotGiven
    #1

    how do I hide database connection files using PHP include files?

    I have the following at the beginning of the PHP page:

    <?php require_once('C onnections/conn.php'); ?>

    I want to hide the connection file, "conn.php", so it's out of the web
    accessible file structure. I understand putting them in the php include
    directory shoudl do this. For example, let's say the directory I put them
    in is /www/phpIN/, and /www/ht/ is the root web directory.

    So I put "conn.php" in the inlcude directory (/www/phpIN/conn.php) and
    removed it form CONNECTIONS directory.

    Now it doesn't work.

    What do I need to change?

    Thanks.



    Tags: None
    • Jeffrey Silverman
      #2
      Re: how do I hide database connection files using PHP include files?

      On Tue, 18 Nov 2003 15:46:41 -0500, NotGiven wrote:
      [color=blue]
      > I have the following at the beginning of the PHP page:
      >
      > <?php require_once('C onnections/conn.php'); ?>
      >
      > I want to hide the connection file, "conn.php", so it's out of the web
      > accessible file structure. I understand putting them in the php include
      > directory shoudl do this. For example, let's say the directory I put them
      > in is /www/phpIN/, and /www/ht/ is the root web directory.
      >
      > So I put "conn.php" in the inlcude directory (/www/phpIN/conn.php) and
      > removed it form CONNECTIONS directory.
      >
      > Now it doesn't work.
      >
      > What do I need to change?
      >
      > Thanks.[/color]


      Here's how I do it, using Apache directives. First of all, I name all
      include files "*.inc" Then I use an Apache directive to prevent download
      of those files. You can put the following in a .htaccess file (I think it
      can go in .htaccess but if I'm wrong, coordinate with your Webserver
      administrator):

      <Files ~ "^.*\.inc$" >
      Order allow,deny
      Deny from all
      </Files>

      This prevents access to all files that end in .inc

      Try this link, for example:
      Page not found - Johns Hopkins Whiting School of Engineering
      http://www.wse.jhu.edu/include/news.inc


      You should get a "Forbidden" error message. (I hope you do!)

      If you use another Web Server, It may have a slightly different mechanism,
      but it should have the same feature.

      --
      Jeffrey D. Silverman | jeffrey AT jhu DOT edu
      Website | http://www.wse.jhu.edu/newtnotes/

        Comment

        • Jedi121
          #3
          Re: how do I hide database connection files using PHP include files?

          "Jeffrey Silverman" a écrit le 18/11/2003 :[color=blue]
          > Here's how I do it, using Apache directives. First of all, I name all
          > include files "*.inc" Then I use an Apache directive to prevent download
          > of those files. You can put the following in a .htaccess file (I think it
          > can go in .htaccess but if I'm wrong, coordinate with your Webserver
          > administrator):
          >
          > <Files ~ "^.*\.inc$" >
          > Order allow,deny
          > Deny from all
          > </Files>
          >
          > This prevents access to all files that end in .inc[/color]

          I prefer to name them .inc.php so even if people get access to them,
          they're processed by PHP and don't return anything.
          I put all of them in a specific dir with a Deny All statement in an
          ..htaccess file (because I don't manage the structure outside the web
          dir on the free host I use).


            Comment

            Previous template Next
            Working...