Recently I have started learning PHP. I have created website that uses single PHP file (ex. config.php) to keep inside it database info, passwords etc.
For example, my config.php looks like that:
<?php
return array(
"ip"=>"localhost",
"user"=>"rootusr",
"password"=>"abc",
);
?>
I am accessing to this from other files by $conn = include("config.php"); and echo $conn[ip]; etc.
My question is:
IS IT SAFE METHOD? Is anyone able (excluding me) to access this data from other server? To include my config.php and use it on his own? How can I do it better or make it safer?
Thanks for help! :)
You can set it up on a .htaccess file to restrict access to the file from the web like so:
<Files "config.php">
Order Allow,Deny
Deny from all
</Files>
This means, the file will only be accessible by PHP (on your server)/someone else with access to your server's www directory, and this is a secure enough way to do what you're trying to do.
To be more secure you can also move your config.php outside of document root or public html. For example:
Project_root
config.php
public_html/ <- (document root)
index.php