cancel
Showing results for 
Search instead for 
Did you mean: 

Accessibility of root directory

dbriggs1950
Dabbler
Posts: 18
Registered: 16-04-2007

Accessibility of root directory

Now, please accept my apologies if I'm in the wrong place or use the wrong nomenclature. I'm not an expert but am using PAYH to host a test web site while I'm working on the technical review of a soon-to-be-published book on PHP and MySQL.
One problem I've come across is to do with the protection of included PHP files. For example, the book recommends that I keep my database access credentials in an included PHP file, and that I keep that out of the htdocs directory. It suggests moving it to the parent directory of htdocs, and that seems very sensible, but I can't create a file there, or another directory to keep the file in. I assume that's because the root directory isn't owned by my account, so I get privilege violations. I can get around those for now by keeping the include file with the other PHP files in htdocs, but that doesn't seem to be good.
Can anyone suggest a solution?
David
3 REPLIES
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Re: Accessibility of root directory

You ar correct about the access permissions outside htdocs; That area is not available to you.
php files cannot be viewed by users of your website unless it outputs HTML code. As this is unlikely for an include which is used to specify access details then it is perfectly safe to keep the php file with your others.
I have seen many books on php/MySql etc stating what you have said (keeping sensitive files outside root) but this is gernerally only possible on your own locally hosted webserver and not possible in shared hosting enviroments.
avalon
Grafter
Posts: 361
Registered: 05-04-2007

Re: Accessibility of root directory

Hmm.. not sure about that, my hosting provider has their shared hosting space set up so that it is possible. The root of each users allocated space is directly above the directory where their web pages are located.  i.e. mydomain.com/index.html is actually located at mysharedserverspace/www/index.html
So it is possible to set it up in such a manner in a shared hosting environment.
dbriggs1950
Dabbler
Posts: 18
Registered: 16-04-2007

Re: Accessibility of root directory

Thanks to both Peter and me. I can't have had reply notifications turned on, because I've only just spotted the replies!
Having my credentials include file in what looks to me to be a world-readable folder seemed to be risky. I have tried to read some of the files using a text editor to open the URLs rather than a browser, and I can only see the pure HTML parts. PHP files come up as invalid/no access, which seems pretty safe.
On the other hand, that worry made me look for safer alternatives, and I was pointed at XAMPP, which is a program you can run locally on anything from Windows 98 up (including non-Windows). I actually downloaded the Windows-only XAMPPLite version, which was/is very easy to set up, and am running it on the same workstation as I am using to write the HTML/PHP code so it's also very convenient. As the exercises I have been working through this week have involved maintaining a bulk e-mail address list, I thought it was a lot safer to keep them inside my router's firewall, especially as they don't have any anti-spam protection yet.
Thanks fro the advice.
David