How secure is config.php?

Written and contributed by Frank Truscott.

Any web agent that loads the config.php file will see a blank page. No bot can get around this since the server will render the .php file using a PHP parser and no text is output by the php in that file.

It is suspect only to those who have access to the server through other non-http ways (file or shell access to your directories). This would happen because you gave someone access to your hosting account (through control panel or ftp account), or because your hosting provider's server has been compromised through some kind of server-wide hack.

So, in principle, it is very secure on a secured server and this means of storing config info is common practice for most PHP-based applications.

Original forum thread (thanks, ftruscot!):
section: Miscellaneous | submitted by Leng on 2008.Oct.06 | 5473 views

item rate
Total votes: 11 - Rating: 8.36

Please tell us how useful this answer was to you (0 = useless, 10 = very very helpful):