I have seen many recent php script open-source applications ( forums, cms, etc) for which the database info is stored in a separate php file but (unfortunately) inside the webroot. Now I am about to make a choice as to what script to go for, and therefore need to know how this neglect wold affect the security of my db? In fact I don't know how much, and what way, we could improve the security of our d by just moving the dbconfig.php to a separate directory?
I have already looked at this thread too: How to secure database passwords in PHP?
Okay, just now I found this thread mysql/php is this a secure way to connect to mysql DB and would like to make my question even more clear: which one of these places is more secure to keep my dbconfig.php and why?
1./dbconfig.php
2./public_html/dbconfig.php
3./public_html/includes/dbconfig.php
suppose that the file index file is located here (I guess is referred aswebroot):
/public_html/index.php ( which first needs to include the dbconfig.php)
In fact I don't know how much, and what way, we could improve the security of our d by just moving the dbconfig.php to a separate directory?
You have two basic tools to improve security. Simplifying things a little bit . . .
chmod 600
, for example.)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.