Protect Php Includes

[Aaron]

Hi!

 

I use PHP to include my MySQL db usernames and and passwords from a file called (let's say) "password.inc". If someone goes to http://myurl/password.inc, they will be able to see the file. Is there any way to keep people from accessing/viewing password.inc?

 

Right now I plan to rename the file to "password.php" so that if someone types http://myurl/password.php, they won't be able to see the username and password variables being set.

 

But is there a better way to just block people from accessing password.php? I've done some research and it seems adding an .htaccess file is the way to do it. Does totalchoice allow this? (I don't know much about .htaccess)

 

I'm open to suggestions!

 

 

Thanks,

Aaron

[borfast]

There's several ways around that problem, I think.

 

1 - You can configure the webserver so it won't let anyone access .inc files;

 

2 - You can put all your .inc files in a protected directory to which no one has access;

 

3 - You can use .php extensions, just like you said.

 

AFAIK, you can even combine them for added security but maybe you don't need to go that far.

 

If you want a simple solution, use .php extensions. Just be careful with what you put inside, remember that anythingg that the script outputs, will be visible in the webbrowser.

 

If you want to use .htaccess, I'm not a genius at that, but google is...

http://www.techtutorials.com/tutorials/uni.../htaccess.shtml

 

EDIT: Ooops... I forgot to mention that TCH does let you use .htaccess.... sorry about that. Thanks Lianna.

[Lianna]

the use of .htaccess is quite acceptable here.

 

Li

[Aaron]

Thanks for the replies!

 

I think I'll just stick to the php extension and protect the folder where my includes are through cpanel. I really don't need password protection, as I have no need to access the include files online, so creating/configuring htaccess (and htpasswd) seems like too much work.

 

Aaron