Greetings. I am curious about having the php config file in the web root. I am coding a site for a client and their web host has their php.ini file in the web root. Is that not a security risk? I have never heard of having it there before. I am not a veteran web programmer, but I have been around long enough to know what should be kept secret.

Anyone have thoughts on this? Thanks.

Danilo

Config files are sometimes put in the root and sometimes in secondary directories. You can protect the file so it can only be read by the system. Maybe someone else will have a different opinion but I don't think that it is any more vulnerable in one place than the other.

You can also use disable_functions (eg disable_functions = "highlight_file,ini_alter,ini_restore etc..etc ) but you need to look more int that function and the security measures you can accomplish

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.