By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,949 Members | 946 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,949 IT Pros & Developers. It's quick & easy.

how do I hide database connection files using PHP include files?

P: n/a
I have the following at the beginning of the PHP page:

<?php require_once('Connections/conn.php'); ?>

I want to hide the connection file, "conn.php", so it's out of the web
accessible file structure. I understand putting them in the php include
directory shoudl do this. For example, let's say the directory I put them
in is /www/phpIN/, and /www/ht/ is the root web directory.

So I put "conn.php" in the inlcude directory (/www/phpIN/conn.php) and
removed it form CONNECTIONS directory.

Now it doesn't work.

What do I need to change?

Thanks.

Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
On Tue, 18 Nov 2003 15:46:41 -0500, NotGiven wrote:
I have the following at the beginning of the PHP page:

<?php require_once('Connections/conn.php'); ?>

I want to hide the connection file, "conn.php", so it's out of the web
accessible file structure. I understand putting them in the php include
directory shoudl do this. For example, let's say the directory I put them
in is /www/phpIN/, and /www/ht/ is the root web directory.

So I put "conn.php" in the inlcude directory (/www/phpIN/conn.php) and
removed it form CONNECTIONS directory.

Now it doesn't work.

What do I need to change?

Thanks.

Here's how I do it, using Apache directives. First of all, I name all
include files "*.inc" Then I use an Apache directive to prevent download
of those files. You can put the following in a .htaccess file (I think it
can go in .htaccess but if I'm wrong, coordinate with your Webserver
administrator):

<Files ~ "^.*\.inc$">
Order allow,deny
Deny from all
</Files>

This prevents access to all files that end in .inc

Try this link, for example:
http://www.wse.jhu.edu/include/news.inc

You should get a "Forbidden" error message. (I hope you do!)

If you use another Web Server, It may have a slightly different mechanism,
but it should have the same feature.

--
Jeffrey D. Silverman | jeffrey AT jhu DOT edu
Website | http://www.wse.jhu.edu/newtnotes/

Jul 17 '05 #2

P: n/a
"Jeffrey Silverman" a écrit le 18/11/2003 :
Here's how I do it, using Apache directives. First of all, I name all
include files "*.inc" Then I use an Apache directive to prevent download
of those files. You can put the following in a .htaccess file (I think it
can go in .htaccess but if I'm wrong, coordinate with your Webserver
administrator):

<Files ~ "^.*\.inc$">
Order allow,deny
Deny from all
</Files>

This prevents access to all files that end in .inc


I prefer to name them .inc.php so even if people get access to them,
they're processed by PHP and don't return anything.
I put all of them in a specific dir with a Deny All statement in an
..htaccess file (because I don't manage the structure outside the web
dir on the free host I use).
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.