When using a PHP page to connect to a MySQL database, you need to have a PHP file that stores your MySQL username, and password somewhere right? How do you keep that file secure, away from prying eyes?

I believe WordPress uses a file called wp-config.php to store your MySQL login information... I noticed that file cannot be downloaded or even accessed at all by visitors.

I don't want a hacker getting my MySQL login information and corrupting my data. How does WordPress protect this file, and how can I accomplish something similar for my own MySQL login file?

I'm no wizard but php pages get processed on the server first. In this case, it just stores information and uses it behind the scenes, you cannot access it directly, unless of course you had it output something.

PHP files are by nature secure from being read unless the hacker already has login access to your hosting account. They do NOT output anything to the browser unless you program them to.

It's the same way people can develop all these cool scripts and not have to worry about someone stealing the source code by looking at the HTML source.

A quick explanation of PHP. PHP, though it's a scripting language, is actually source code for an application written to be compiled at run time. So whenever you access a php file from your web browser, if the server is running PHP, it will compile that file into an executable form and run it. The web server will NOT just spit out the contents of the file.

Just be sure you chmod and chown it properly and you'll be fine.

Give the owner (your hosting account username) read/write/execute access to it via chmod and ownership via chown, then give the apache server user (username: nobody usually) read/execute permissions.

Give the owner (your hosting account username) read/write/execute access to it via chmod and ownership via chown, then give the apache server user (username: nobody usually) read/execute permissions.

Can you explain this part a little more?

I understand using chmod to change basic access permissions (something like rwxr-xr-x right?) but I don't understand how to use it to give permissions to a certain user such as username 'nobody'

Also I am completely in the dark about the purpose of chown... can you explain that command a little more?

Can you explain this part a little more?

I understand using chmod to change basic access permissions (something like rwxr-xr-x right?) but I don't understand how to use it to give permissions to a certain user such as username 'nobody'

Also I am completely in the dark about the purpose of chown... can you explain that command a little more?

Well your not giving it to a certain user, he is saying to give it to the owner which is you, which the username is simply your hosting account name and the way to do so is simply chmod your thing to 777

[QUOTE=mystickcal;7047]Well your not giving it to a certain user, he is saying to give it to the owner which is you, which the username is simply your hosting account name and the way to do so is simply chmod. I'm not sure of the numbers that would be off the top of my head.

Most of the script will have a configuration file which store MYSQL login, this file should configured as read only by everyone, but owner have access.

Which mean if your apache run as nobody, it can only read, but not writable, but as an owner of the file, you have full permission.

I always chmod 644 my read only files. but permission varies depending on your webserver configuration.

You have to contact a Expert