How to secure php includes/constants files ?

blueshaolin
blueshaolin used Ask the Experts™
on
Hi everyone, I just want to know how I can secure/protect/hide the 'important' files (includes/constants) in a PHP/MySQL (not very complex) application, I'd like to know the good and UPDATED methods / techniques / steps to achieve that.

By the way the files are stored in a shared hosting (Linux).

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Hi,

You cannot secure, protect, or hide any 'important' files from the system administrator. He/she/they/it will have access to these files regardless. You can though take steps to prevent other users on the system from viewing these files by setting permissions unix permissions.

http://dl.sugarforge.org/sugardocs/Notes/PermissionsAndAccessRights/UNIX_Permissions.pdf

good general reading on permissions... In general though, shared hosting does not provide the mechanisms to hide or protect any of your files. If it is sensitive enough, you should not be on shared hosting.

You can take some steps to secure them such as http://green-beast.com/blog/?p=144 . But that list in nowhere near complete.
You can also try to protect the source codes by using like this software. It means, you can encode and upload it. so that nobody can view it easily.

http://www.sourceguardian.com/
http://www.php-editors.com/php-tools/php-encoder.php
http://www.obfusc.com/

Author

Commented:
I'm sorry, my english isn't good enough, the most important file (I think) is the one with the DB password, isn't it ? how can I protect it from general users ?

Thanks for your answers so far !!
Most Valuable Expert 2011
Top Expert 2016
Commented:
Store the file with the DB password outside the WWW public_html directory.  Bring it in with a statement like this:

require_once('../root/db_password.php');

It's not what I would use for nuclear codes, but it is good enough for most applications.  A browser cannot get to this file if your hosting company uses a sane setup.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial