Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

PHP

Jake White
Jake White
41,730 Points

Best practice for config.php files

Hey guys, so Im working on my first php application and have a config. php file that is being used to store private information for connecting to a database. Now I don't have too much personal information stored in these databases, basically just user's emails and the passwords for their login for the application, but I want to make sure that they are secure. Ive read a couple of different solutions, but I feel like I don't totally understand what they are talking about. I figured that someone here might know. Any tips?

2 Answers

One thing I'd strongly suggest is to either keep your config file out of your main site directory or lock it down using an .htaccess file.

Matt Campbell
Matt Campbell
9,767 Points

Put a .htaccess file in the directory or parent directory of files that you don't want to be able to be accessed from in the browser and editable.

Then put in the .htaccess file

Deny From All

That will prevent access to all files in the directory and child directories from the browser. You'll need to delete though if you want to edit the files. In Dreamweaver for example, the live function is denied access but it's pretty simple to understand once you've done it.