I have finished my PHP project development. It was developed locally on my PC. Now I am ready to upload it on my web server and make it publicly accessible.
There is however one thing that bothers me: Currently, all the PHP files are in my WWW folder with all the HTML, JavaScript, CSS, and Images files. PHP files are sensitive, as they access MySQL Database and often contains password and file paths that are meant to remain secret from the users.
If I leave the PHP files within the WWW directory, am I afraid, they can become accessible to public in the same way, as the other files and images are. I am afraid that skilled users can download and read them, and therefore reveal are the secret information about my web server.
Are my worries legit? Does the web server automatically hides .php files? Should I move the PHP files into another location, away from WWW folder? Is there any other way to protect my PHP files from being downloaded?
Thank you very much. Kind regards,
Aucun commentaire:
Enregistrer un commentaire