php - securing outward-facing website db configs -

i'm adding database usage public facing site, , wanted input on secure way store mysql connection information might be. i've come few options:

first store config in directory, , set php include path dir. second, know there files apache won't serve browsers, use 1 of these types of files. third, store encrypted files on server, , decrypt them php.

any appreciated.

you can configure apache disallow files htaccess.

in config folder add .htaccess following

order allow,deny deny 

if don't want use .htaccess @johua k, mentions, instead add

<directory /home/www/public/config>     order allow,deny     deny </directory> 

to apache config.

this deny files in folder being served anyone, fine since php doesn't care htaccess can just

include('config/db.php')

if config php scripts, should never appear in plain text.

so file like

define('mysql_password', 'pass') 

would never display text.

if worried shared hosting environment , use having access read file should evaluate security of linux installation , host. other users should have browsing access file. web files marked php should never return source.

you can explicitly tell apache not serve files ever, include() or require() able.