(No Ratings Yet)
Loading ...How easy is it for someone to download a php file from a website?
My php page has all the important database information, so I don’t want people looking at it. How easy is it for someone to view this information? Also I’v set the PHP file, so that you can’t access it directly using the URL, you can only see it when it is linked to by a form using the POST method.
Posted in 
Tags: 3 Responses to “How easy is it for someone to download a php file from a website?”
don’t put your db config file inside your public folder. For example, if your web root directory is "www", then have a "config" folder at the same level – . outside of your web root.
Also you should be able to deny access to any of your public files by using a .htaccess file.
Report this comment
you may want to consider creating a separate db-connex.php file (or whatever name) and putting it in a random named folder and have an include statement pull it in before connecting to the database. This way you can put all of you DB username and DB passwords in that file as variables and only allow server sided includes in yourt php.ini
Also add a little security to that folder and you should be just fine.
Report this comment
it is as easy as downloading an html file
Report this comment