I have a web application that is accesible over the internet!
I have a folder (named "includes") and it contains all php function (functions, connections to mysql db) that I wrote!
As a security measure I would like to know if is better to put includes folder outside webroot or should I let the folder inside the webroot! Is this measure a must?
And if it's more secure to put the folder outside the webroot, how can I access php function files in a secure way?