Location for db_connect.php?

As long as a file like db_connect.php is in the public_html directory, along with an index.php, should there ever be a security concern? I’ve seen people online say it’s fine and others who say that a file like db_connect.php should ALWAYS be one level up.

Can someone put this issue to rest for me?

Thanks!

PHP files are text files.

If for any reason the PHP engine is down and someone requests that file, they can read it.

Putting it outside of the root means that your script can reach it, but it can not be reached by an HTTP request.

Is it fine if not outside the root? I imagine in the vast number of cases it is, but would you want to risk it when it’s easily avoidable?

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.