<p>Just make sure your web server is set up to handle <code>.php</code> files correctly, and that all files have the correct <code>.php</code> extension (not <code>.php.inc</code> or similar).</p>
<p>As long as your server executes the PHP, no one can download its source code (ignoring any security holes in your code, which is a different topic).</p>
<p>There was a time when it was common to name included files along the lines of <code>mystuff.php.inc</code> - this is a bad idea. Say your site is at "example.com", and you store your database configuration in <code>config.php.inc</code> - if someone guesses this URL, they can request <a href="http://example.com/config.php.inc" rel="nofollow noreferrer">http://example.com/config.php.inc</a> and get your database login in plain text..</p>
<p>It is a good idea to store configuration and other libraries up one directory as <a href="https://stackoverflow.com/questions/1401727/securing-php-files/1401778#1401778">bisko answered</a> - so you have a directory structure like..</p>
<pre><code>/var/example.com:
    include/
        config.php
        helper_blah.php
    webroot/
        index.php
        view.php
</code></pre>
<p>This way, even if your web-server config gets screwed up, and starts serving <code>.php</code> files as plain text, it'll be bad, but at least you won't be announcing your database details to the world..</p>
<p>As for encrypting the files, I don't think this is a good idea.. The files must be unencrypted so Apache (or whatever server you're using) can access them. If Apache can access it, your sysadmin can too..</p>
<p>I don't think encryption is the solution to an untrustworthy sysadmin..</p>
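<p>An added example, not part of the original answer: a shell check that lists files under a web root which contain PHP source but would be served as plain text, such as the <code>config.php.inc</code> case described above. It assumes the server hands only names ending in <code>.php</code> to the interpreter; the function names and the sample tree are constructed for illustration.</p>

```bash
#!/usr/bin/env bash
# Added example: audit a web root for PHP source that the server would not
# execute. Assumption: only files whose name ends in .php are executed, so
# anything else containing "<?php" is returned to the client verbatim.

find_exposed_php() {
    local webroot=$1
    [ -d "$webroot" ] || { echo "not a directory: $webroot" >&2; return 2; }
    # Match on the final extension only: config.php.inc ends in .inc, not .php.
    # grep -l prints just the names of files that contain an opening PHP tag.
    find "$webroot" -type f ! -name '*.php' \
        -exec grep -l -F -- '<?php' {} + | sort
}

# Builds the directory layout from the answer in a temp dir, plus one
# misplaced include file (constructed sample data, not real credentials).
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/include" "$root/webroot"
    printf '<?php $db_pass = "constructed-not-real";\n' > "$root/include/config.php"
    printf '<?php echo "home";\n' > "$root/webroot/index.php"
    printf '<?php echo "view";\n' > "$root/webroot/view.php"
    printf 'body { margin: 0 }\n'  > "$root/webroot/style.css"
    # The naming mistake the answer warns about, placed inside the web root.
    printf '<?php $db_pass = "constructed-not-real";\n' > "$root/webroot/config.php.inc"
    echo "$root"
}

# Usage: ./audit.sh /var/example.com/webroot
if [ "$#" -gt 0 ]; then
    find_exposed_php "$1"
fi
```

<p>Run against the sample tree, the check reports only <code>webroot/config.php.inc</code>; the copy in <code>include/</code> is outside the web root and is never scanned or served.</p>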
 
