0

Recently I have started learning PHP. I have created a website that uses a single PHP file (e.g. config.php) to keep database info, passwords etc. inside it.

For example, my config.php looks like this:

    <?php
    return array(
        "ip" => "localhost",
        "user" => "rootusr",
        "password" => "abc",
    );
    ?>

I am accessing this from other files by $conn = include("config.php"); and echo $conn["ip"]; etc.

My question is:

IS IT A SAFE METHOD? Is anyone (excluding me) able to access this data from another server? To include my config.php and use it on his own? How can I do it better or make it safer?

Thanks for the help! :)

Florke64
  • 5
  • 5
  • Unless you misconfigure your server so that it displays PHP files rather than executing them, it's pretty secure; but even better if you can ensure that the file is outside of the web root and its subfolders – Mark Baker Apr 09 '16 at 13:39
  • 1
    Possible duplicate of [How to secure database passwords in PHP?](http://stackoverflow.com/questions/97984/how-to-secure-database-passwords-in-php) – trincot Apr 09 '16 at 13:41

2 Answers

0

You can set it up on a .htaccess file to restrict access to the file from the web like so:

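    # Apache 2.2 syntax. On Apache 2.4 without mod_access_compat,
    # replace the Order/Deny lines with: Require all denied
    <Files "config.php">
        Order Allow,Deny
        Deny from all
    </Files>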

This means the file will only be accessible by PHP (on your server) or by someone else with access to your server's www directory, and this is a secure enough way to do what you're trying to do.

Asjad Athick
  • 143
  • 3
  • 10
0

To be more secure, you can also move your config.php outside of the document root or public_html. For example:

    Project_root
      config.php
      public_html/ <- (document root)
        index.php

mvidovic
  • 321
  • 5
  • 9
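
The layout from the answer above, as an added example that is not part of the original question or answers: public_html/index.php loads config.php from one level above the document root and refuses a config path that resolves inside it. The helper name load_private_config() is hypothetical, and the example assumes the Project_root layout shown above with the config.php from the question.

```php
<?php
declare(strict_types=1);
// Added example: saved as Project_root/public_html/index.php (assumed layout).

/**
 * Load a config file that returns an array, refusing any path that
 * resolves inside the document root. load_private_config() is a
 * hypothetical helper name, not part of PHP.
 */
function load_private_config(string $path, string $docRoot, array $requiredKeys): array
{
    // realpath() resolves "..", symlinks and relative segments before comparing.
    $realPath = realpath($path);
    $realRoot = realpath($docRoot);
    if ($realPath === false || $realRoot === false) {
        throw new RuntimeException('Config file or document root not found.');
    }

    // A file under the document root can be requested by URL, and its source
    // is served as plain text if the server ever stops executing .php files.
    $rootPrefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($realPath, $rootPrefix, strlen($rootPrefix)) === 0) {
        throw new RuntimeException('Config file must live outside the document root.');
    }

    $config = include $realPath;
    if (!is_array($config)) {
        throw new RuntimeException('Config file must return an array.');
    }

    $missing = array_diff($requiredKeys, array_keys($config));
    if ($missing !== []) {
        throw new RuntimeException('Missing config keys: ' . implode(', ', $missing));
    }
    return $config;
}

// __DIR__ is public_html/ here, so config.php sits one directory above it.
$conn = load_private_config(__DIR__ . '/../config.php', __DIR__, ['ip', 'user', 'password']);

// Array keys are quoted strings; the password is never echoed or dumped.
echo 'Database host: ' . htmlspecialchars($conn['ip'], ENT_QUOTES, 'UTF-8');
```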