Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

hiding my db connect script

Status
Not open for further replies.
dessie1981

dessie1981

Programmer
May 9, 2006
116
GB
Hi everyone,

I have a db connect script and for testing purposes i have it in the same dir as the rest of my files that i want apache to serve. I know this is not good security.

The problem is that when i move this script to a /home folder and change the require path in my progs that use the db_connect script i cannot access the script.

Anyone any ideas??
 
Sort by date Sort by votes
Hi ,

Its ok i put the script in the dir where my include path is pointing at.
Is there a security risk here??


Thanks
 
Upvote 0 Downvote
I can't say. Where did you put it?

The whole point of tucking this information away somewhere is to keep it from being easily found by a hostile entity. The best way to do this is to place the include file outside the document root of any websites.



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
// Written on each file needing a conn
// It points to the "intermediary” file conn.php
require_once($_SERVER['DOCUMENT_ROOT']."/conn.php");

// About conn.php
// Is set at root level
<?
require_once("/var/?>
//what it does: Only calling a dir below root named db_conn
// db.php is the conn function
 
Upvote 0 Downvote
Reason is that I was not able to make the call directly.
any suggestion?
 
Upvote 0 Downvote
There is absolutely no techical reason I know of why your main script could not include a file directly, but that file could be included from an included file.

But to get back to my original question to you:

sleipnir214 said:
Does PHP specify why your script can't include the file?
Click to expand...
To clarify...

PHP should have given you an error message. What was that error message?



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
No error message, never got one on any server I used it
not even on my test bed.
of course you are correct for some reason I did not think about calling below root from
$_SERVER['DOCUMENT_ROOT']
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mervgh
  • Locked
  • Question
My own custom error handler
Replies
1
Views
275
Chris Miller
Chris Miller
R
  • Locked
  • Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
293
Chris Miller
Chris Miller
SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
414
SashaBuilder3
SashaBuilder3
sugram
  • Locked
  • Question
how start a second shell script
Replies
0
Views
133
sugram
sugram
lexer
  • Locked
  • Question
Join two mysql tables for populate datatable
Replies
3
Views
280
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top