I have the DB password and other important information stored in settings.php. I will put settings.php outside the public directory.
But what I am not sure about is that I use to require_once settings.php into every page (index.php, users.php, profile.php, login.php, …). Is that safe?
Outside the site root with read-only permissions is just about as secure as it gets, unless you're going to implement some type of server-controlled security. Either way, if someone gets to the server level with root access, it's pretty much over.
Thanks for the response. So I just set the permissions to 644 or 666 and it is OK if I require_once it in every file. I was just worried that this makes it easier to discover where I store the settings, because this way, if somebody hacks any single file, he will see where I store them. If I stored them in otherfile.php, then he would first need to hack otherfile.php to see that.
From my experience and what I’ve been told, yes it is. Make sure that it has the permissions of 644 or 666 and you will be fine. One thing I’d like to suggest is that instead of re-calling the requires over and over, make a file called main.inc.php and then just require that. Saves a lot of time and code.
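
A check of the two things discussed in this thread, where settings.php sits relative to the web root and what its permission bits allow, as an added example that is not from any of the posters. The function name and the paths passed to it are assumptions; it reports a 666 file as world-writable and a 644 file as world-readable.

```shell
#!/bin/sh
# Added example: audit the location and mode of a PHP settings file.
# audit_settings and its arguments are hypothetical; pass your own paths.

# Print the physical (symlink-resolved) path of a directory.
real_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# audit_settings DOCROOT SETTINGS_FILE
# Prints one finding per line. Returns 0 if no FAIL, 1 on FAIL, 2 on bad input.
audit_settings() {
    docroot=$(real_dir "$1") || { echo "ERROR: docroot not found"; return 2; }
    file=$2
    [ -f "$file" ] || { echo "ERROR: settings file not found"; return 2; }
    dir=$(real_dir "$(dirname "$file")")
    fail=0
    warn=0

    # 1. The file's directory must not resolve to the web root or below it;
    #    otherwise a broken PHP handler can serve the file as plain text.
    case "$dir/" in
        "$docroot"/*) echo "FAIL: inside web root"; fail=1 ;;
    esac

    # 2. World-writable (e.g. 666): any local account can change the file that
    #    every page then executes through require_once.
    if [ -n "$(find "$file" -prune -perm -0002)" ]; then
        echo "FAIL: world-writable"; fail=1
    fi

    # 3. World-readable (e.g. 644): any local account that can reach the
    #    directory can read the DB password. 640 with the web server's
    #    group as group owner avoids this.
    if [ -n "$(find "$file" -prune -perm -0004)" ]; then
        echo "WARN: world-readable"; warn=1
    fi

    [ $((fail + warn)) -eq 0 ] && echo "OK"
    return "$fail"
}
```

Call it as `audit_settings /path/to/public /path/to/settings.php`; the mode checks read the permission bits only, so they give the same result when run as root.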