Security issue


Doctor Luz
December 17th, 2004, 06:29 PM
Suppose that a PHP file on a remote server connects to a MySQL database on the same server and does something with the data in the database.

If the connection is done as follows:



$user="bllabla";
$password="paldkjf";

mysql_connect($server,$user,$password);



The server has Apache 1.3 under Linux.

I would like to know what the chances are that somebody out there might obtain access to the PHP file and read the source code.

What security steps should be taken to prevent this?

Or maybe the chances are very low?

visualAd
December 18th, 2004, 07:59 AM
There is a possibility that any PHP file can be viewed as source if there is a problem with the web server. Although this is rare, it can happen.

You can protect against this by creating a separate PHP script which makes the connection to the database and placing it outside the web server root. You can then use the include() (http://www.php.net/include) function in any script which needs the connection. A script which is above the web server root directory cannot be accessed by anyone on the Internet.

Doctor Luz
December 18th, 2004, 08:14 AM
Do you mean the folder before the htdocs folder? How should I write the path for such a file?

visualAd
December 18th, 2004, 08:46 AM
Yes, any directory above htdocs. You can either use an absolute path, i.e. start from the root directory: /path/to/apache/php-includes, or a relative path: ../php-includes.

.. takes you to the parent directory.
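
The layout discussed in this thread, as an added example that is not part of the original posts: credentials live in a file under php-includes next to htdocs, and a loader refuses any config file that resolves to a location inside the web root. The file name db-config.php, the function load_db_config() and the sample credentials are hypothetical, and the directory tree is constructed in a temporary folder so the script runs on its own.

```php
<?php
// Added example: load DB credentials from a file kept outside the web root.
// Directory names mirror the thread (htdocs, php-includes); db-config.php
// and load_db_config() are hypothetical names.

function load_db_config(string $docRoot, string $configPath): array
{
    $root = realpath($docRoot);
    $file = realpath($configPath);   // resolves ".." segments and symlinks
    if ($root === false || $file === false) {
        throw new RuntimeException('document root or config file not found');
    }
    // Refuse a config file inside the web root: if the server ever stops
    // handing .php files to the interpreter, it would be served as plain text.
    if (strpos($file, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("config file is inside the web root: $file");
    }
    $config = include $file;         // the file returns an array
    if (!is_array($config)) {
        throw new RuntimeException('config file did not return an array');
    }
    return $config;
}

// Constructed layout in a temporary directory, standing in for the Apache tree.
$base = sys_get_temp_dir() . '/apache-demo-' . getmypid();
mkdir("$base/htdocs", 0700, true);
mkdir("$base/php-includes", 0700, true);
$body = "<?php return ['server' => 'localhost', 'user' => 'example_user', "
      . "'password' => 'example_password'];\n";
file_put_contents("$base/php-includes/db-config.php", $body);
file_put_contents("$base/htdocs/db-config.php", $body);   // the risky placement

// Relative path as in the thread: ".." climbs from htdocs to its parent.
$cfg = load_db_config("$base/htdocs", "$base/htdocs/../php-includes/db-config.php");
echo "loaded credentials for user {$cfg['user']}\n";
// A page from the thread's era would now call:
// mysql_connect($cfg['server'], $cfg['user'], $cfg['password']);

try {
    load_db_config("$base/htdocs", "$base/htdocs/db-config.php");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```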