I have a php configuration file (file 1) for connecting to a database above the public_html folder - "/home/bhuser/includes/config.inc.php." I have another file in a subfolder in the public_html folder(file 2).
File 2 needs the config file (file 1) to connect to the database such as:
include('../includes/config.inc.php') but this wont work because file 1 is above the public_html folder. So I have in file 2 "include('/home/bhuser/includes/config.inc.php');" without the double quotes.
My question is: Is the way I have it now - include('/home/bhuser/includes/config.inc.php'); a security risk and if it is what would be the proper way to reference this file as an include and keep the config.inc.php file above the public_html folder?
I hope this makes more sense.
Thanks Stephen I'll look at the php.ini file. In the mean time is the way I have it not secure?
The PHP can only be read by someone with direct access to the server unless PHP gets turned off on the server (which happened briefly when Apache was upgraded). Even then if the file you reference is above public_html then it can't be accessed from the web.
That's good news because the only iinclude_path I could find in php.ini is being used for something else.