where to put includes for security

Hi
Just learning and worried about hackers being able to see my Login information. I know the scripts 'include' this file, but don't these files reside in the root directory of the site?

Shows i don't know a lot :-) But i'm trying hard.

I have a names database and the visitor can check if their name is listed. (Thats the idea)

Thanks

Paul

Outside your document root is the safest place. Check with your provider and see if they give you access to a folder outside the web root. If they don't, request it from them. Most of the legitiment web hosts out there are pretty flexible and thus will give you access to one of these folders....

Hi
Thanks for that
I have a phpMyadmin directory that is password protected and i can password protect any directory that i make on my server space so i could put them in there but i'm not sure how to address the link.

At the moment it is
include ("./common.php");

If i put them in a directory do i have to address it like -

include ("http://www.cardsnscrolls.co.uk/newdirectory/common.php");

Where 'newdirectory' is password controlled.

Thinking about this though, i will have to provide the password for THIS directory in the original calling script to get to the common.php??

My head hurts.

If i have an index.html in the new (maybe unprotected) directory that has a redirect to something (say my site index.html), would that stop someone seeing my common.php that is in the same directory?

Sorry to be slow


Thanks

Paul
Thanks


Paul

As long as you don't use any ECHO or print statements (or the like) in your common.php file, noone should be able to see anything!

Good luck,
Joe of 4Life

Thanks Joe

Will look

you could also use a .htaccess file, and restrict all access.. php won't be affected by this because it doesn't request the files from the webserver

Sorry to be slow, but where do they request the files from?

Thanks
Paul