
Jake White
41,730 Points

Best practice for config.php files

Hey guys, so I'm working on my first PHP application and have a config.php file that is being used to store private information for connecting to a database. Now I don't have too much personal information stored in these databases, basically just users' emails and the passwords for their login for the application, but I want to make sure that they are secure. I've read a couple of different solutions, but I feel like I don't totally understand what they are talking about. I figured that someone here might know. Any tips?

2 Answers

One thing I'd strongly suggest is to either keep your config file out of your main site directory or lock it down using an .htaccess file.

Matt Campbell
9,767 Points

Put a .htaccess file in the directory or parent directory of files that you don't want to be accessible and editable from the browser.

Then put this in the .htaccess file:

Deny From All

That will prevent access to all files in the directory and child directories from the browser. You'll need to delete it, though, if you want to edit the files. In Dreamweaver, for example, the live function is denied access, but it's pretty simple to understand once you've done it.
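
An added example, not part of either answer above: the same .htaccess lock-down written so it works on both Apache 2.2 (the `Deny From All` syntax quoted in the answer) and Apache 2.4 and later, where `Require all denied` replaces it. It goes one step beyond the answer by scoping the rule to config.php with a `<Files>` block, on the assumption that the file sits in a directory whose other files still need to be served.

```apache
# .htaccess in the directory that contains config.php (constructed example).
# The file name "config.php" comes from the question; adjust it if yours differs.

# Apache 2.4 and later: access control is handled by mod_authz_core.
<IfModule mod_authz_core.c>
    <Files "config.php">
        Require all denied
    </Files>
</IfModule>

# Apache 2.2: mod_authz_core is absent, so fall back to the legacy
# Order/Deny directives, the long form of "Deny From All".
<IfModule !mod_authz_core.c>
    <Files "config.php">
        Order allow,deny
        Deny from all
    </Files>
</IfModule>
```

These directives only take effect from .htaccess when the server's `AllowOverride` setting permits them (`AuthConfig` for `Require`, `Limit` for `Order`/`Deny`). PHP's own `require` reads the file from disk, so the application can still load config.php while browser requests for it are refused.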