How to prevent access to PHP files that store username/password

Our PHP web app saves the database username and password in a file. How do i prevent the access of this file by FTP users. So that if my programmer resigns, I dont always have to keep changing username/password.
melwongAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
larsrohrConnect With a Mentor Commented:
chown apache filename
chmod 400 filename
0
 
Kim WalkerWeb Programmer/TechnicianCommented:
That depends on what kind of file holds this information. If it's stored in a .php file, the server will always deliver the results of the code inside the file, never the contents. However, I always store such files in a folder outside the public shared directory and include them in my php file using the include statement and a direct path to the file as it is on the server.
0
 
Ray PaseurCommented:
I use something like this
require_once('../root/db_link.php');

Open in new window

I have the "root" directory on the server at the same level as public_html.  It can't be browsed, only included.  And I also agree with xmediaman: you have very little risk of exposure if your information is inside a .php file.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
melwongAuthor Commented:
My current file is in /home/website/public_html/app/app_info.conf. How do i put this file outside public shared dir? Cos my domain website.com points to the dir website
0
 
melwongAuthor Commented:
My risk is exposing passwords to my programmers
0
 
larsrohrCommented:
In addition, we make such files owned and readable only by the apache web user.  So among local users, only apache and root can directly access the file.
0
 
melwongAuthor Commented:
larsrohr, how do we do that? what is the chmod?
0
 
melwongAuthor Commented:
thx
0
 
Web_SightCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.