PHP: protect folder "connections" on server?

Report · Feb 12, 2007

Hi,

I'm afraid this is a newbie question, but I couldn't find the answer by searching the forum.

I installed locally, not on the shared webserver, IIS, PHP and MySQL. Then I went through the first part of "record store" tutorial
from the Dreamweaever Development Centre. I realized, DW is storing the login information to the mySQL database in a .php file within the folder "connections". Username and password are visible in this file:

$hostname_RecordStorePHP = "localhost";
$database_RecordStorePHP = "RecordStorePHP";
$username_RecordStorePHP = "username";
$password_RecordStorePHP = "password";

After working on this tutorial, I want to create a new database application. First locally. Then I want to transfer the project to my shared webserver at Godaddy. I will change hostname, database, username and password to the MySQL database at the shared webserver.

My question: How should I protect the user information within the folder "connections" on the shared webserver (Linux)? I know chmod and .htaccess for protection on Linux servers. Should I use one of those? If chmod is ok, how should I set the permissions to restrict access from outside, but to allow the php files on the webserver to connect to the database?

I couldn't find a tech paper covering this issue, so I hope, someone here can help...

Thank you very much!

Regards,
Thomas

Report · Feb 12, 2007

thomas2322 wrote:
> My question: How should I protect the user information within the folder
> "connections" on the shared webserver (Linux)?

You don't need to. The code is entirely in PHP, which remains on the
server. If anybody tries to access that file on its own, they will see a
blank page. However, if you're particularly worried, one precaution that
you can take is to move the connections file to a folder outside the
site root. I don't know if Godaddy provides you with a private folder,
but you can move the connection details there, and update the relative
link in the include command of each page to point to the private folder.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Report · Jan 29, 2008

Hi guys,

David, you mention "move the connections file to a folder outside the site root". I'm not really interested in moving the "Connections" folder outside the site root but I do want to move it inside an administration folder. When I do this, Dreamweaver CS3 doesn't find the Connections folder in the new path and asks me to create a new MySQL connection.

How can I make Dreamweaver find the mysql connection if the "Connections" folder is not in the default site root location and is inside a new path, for example, "admin/includes/Connections"?

Thanks!

Regards,

Checo

Report · Jan 29, 2008

_Checo_ wrote:
> How can I make Dreamweaver find the mysql connection if the "Connections"
> folder is not in the default site root location and is inside a new path, for
> example, "admin/includes/Connections"?

Just change the path in the include command. You won't see the folder in
your Dreamweaver site, but as long as you use the correct relative path,
Dreamweaver will find the file and use the details stored inside it.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/