I am about to hire some contracted programmers to assist with some script writing. I'm giving them FTP access to a specific working directory for a sandbox URL. This is where they will do there work, but they also will be needing to do database reads. The access settings for the DB are in a config file that is hidden at a level below the public access (www) folder for that Sandbox. The structure is like this:
Config File is at
The user FTP access
is set to /vhosts/sandbox.com/html
So the user can't directly view the "settings" file, but he can reference it in an "include" statement.
As such he could also do the following to view the full contents of that file on screen.
$myfile = fopen("../private/settings.php", "r") or die("Unable to open file!");
$txt = fread($myfile,filesize("../private/settings.php"));
print '<textarea rows=25 cols=100>'.$txt.'</textarea>';
Is there any way around this? Is there a way that I could allow the programmer to make use of the content of this settings.php file without having access to it?
Is it an issue of setting directory permissions (to restrict so only the server can read the file)?
How does one go about this?