File security

[CaldwellYSR]

I wasn't quite sure where to put this so I'm just going to stick it here and if it needs to be moved then I'm sorry. Anyways I am working on a mini CMS for my current employer so that they can embed woofoo forms into pages and/or make new pages. I've almost got it finished and ready to go online but one of the things I need to do before putting it on there is figure out how to secure a few files. I have a constants.php file which has all of my constants, including my database connection information (server, username, password, database name). If someone else accesses this file they could potentially wreak havoc on the site. I don't really expect that to happen since this is an Alcohol Education site for my college, not something really worth hacking in my opinion but I still feel like I need to secure that file just in case. I would hate for something to happen and for me to be blamed. So what are the most common ways to secure files? Is this done through the web host or is there something I can do to add security?

 

[DesignerBill]

Matthew, I had that same question. See this thread: http://www.webdesignforum.com/16619-php-hiding-mysql-parameters.html.

What I did was to define those parameters in a file in a separate, password protected directory, and used a PHP include statement to bring it in.

Bill

 

[CaldwellYSR]

Thanks for the link, good info there.

 

[webdevcloud]

Not sure exactly what kind of security you want. If on linux server change file permission to read only. Then only people with FTP log in can read/change the file.