Welcome to the Treehouse Community
The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.
Jake White41,730 Points
Best practice for config.php files
Hey guys, so Im working on my first php application and have a config. php file that is being used to store private information for connecting to a database. Now I don't have too much personal information stored in these databases, basically just user's emails and the passwords for their login for the application, but I want to make sure that they are secure. Ive read a couple of different solutions, but I feel like I don't totally understand what they are talking about. I figured that someone here might know. Any tips?
One thing I'd strongly suggest is to either keep your config file out of your main site directory or lock it down using an .htaccess file.
Matt Campbell9,767 Points
Put a .htaccess file in the directory or parent directory of files that you don't want to be able to be accessed from in the browser and editable.
Then put in the .htaccess file
Deny From All
That will prevent access to all files in the directory and child directories from the browser. You'll need to delete though if you want to edit the files. In Dreamweaver for example, the live function is denied access but it's pretty simple to understand once you've done it.