How storing database info outside webroot of php applications will improve security

Question

I have seen many recent php script open-source applications ( forums, cms, etc) for which the database info is stored in a separate php file but (unfortunately) inside the webroot. Now I am about to make a choice as to what script to go for, and therefore need to know how this neglect wold affect the security of my db? In fact I don't know how much, and what way, we could improve the security of our d by just moving the dbconfig.php to a separate directory?

I have already looked at this thread too: How to secure database passwords in PHP?

Okay, just now I found this thread mysql/php is this a secure way to connect to mysql DB and would like to make my question even more clear: which one of these places is more secure to keep my dbconfig.php and why?

 1./dbconfig.php 
 2./public_html/dbconfig.php
 3./public_html/includes/dbconfig.php

suppose that the file index file is located here (I guess is referred aswebroot):

/public_html/index.php ( which first needs to include the dbconfig.php)

Answer 1

In fact I don't know how much, and what way, we could improve the security of our d by just moving the dbconfig.php to a separate directory?

You have two basic tools to improve security. Simplifying things a little bit . . .

1. Location. Moving it outside the web root makes it harder for others to get to. If they're coming into your server over http, they're not likely to be able to access anything below the web root. (But if they have shell access to your account, you've lost the battle. Secure shell and good passwords are your friends.)
2. Permissions. That file should have the tightest permissions possible. In my case, it's not readable by anyone but the owner. ( chmod 600 , for example.)