Hello, just got a new website up and running. I use several PHP includes to make sitewide changes easy.
For example I have a settings.php file that just contains my doctype and my <head></head> stuff. I don’t want this visible for someone to just go to my site and do ryanreese.us/settings.php (not that people should know it exists)…but still.
What permissions would I have to set for this to happen?
I was unable to think of the correct keywords in a google search.
I would say just bury it a few folders deep that no one will ever fine. All the same, does it really matter if anyone sees the file? They can see the results in the HTML anyhow.
Burying it a few folders deep only hides the problem. I’d really just prefer to set the file permissions. Knowing that people could get to it nags at me.