Security Recommendations

2/11/2008 5:22:38 PM
PHPRunner General questions
bbarker author

Is there an overview of recommended security practices for when you deploy your database on the internet? One of the files that I'm concerned about is dbconnection.php. How easy is it for someone to see that or gain access to it? For example: http://xyz.com/utilities/include/dbconnection.php What are the practices that I should use in order to "lock down" my site?
Have you posted a summary of the security settings for the various directories?
Does SSL buy me anything if I add it? Besides the obvious encrypted transmissions.
I'm most concerned about someone being able to see the files with settings in them and/or gaining access to the database.
Thanks... I'm just about ready to go live!!!

Alexey admin 2/12/2008

Bill,
there is no way to get PHP file contents from a web server.

There are no additional actions needed to "lock" your site.
Info from dbconnection.php is not transmitted over the internet, so using SSL won't give you anything here.
Keeping your FTP and other passwords secure is the primary means of protecting your site and database.

kenlyle 2/15/2008

If we are packaging/zipping a deployed application for others to install, the only thing we have to do is replace out the database connection details in dbcommon.php, right?
Thanks,

Ken

Jane 2/18/2008

Ken,
yes. You need to edit connection info in the generated include/dbcommon.php file only.