secure folder?

I heard that it's better to keep your passwords (like database connection) in a separate secure folder. and then just include() it in php.

how do i make that folder secure? Do i just have to CHMOD it, so only owner has access. or is there something else i'd have to do.

thank you

Not true, when you view source, it just shows the output not the whole php code.

i meant is chmod enough for a folder to be secure. so no1 can even execute the file. or should i password protect it with .htaccess also? or is there something else

There are a few things to having include files "secure" so to speak.
1) put them in a folder that you can't get to via the webserver, like a php include directory
2) make the directory not world readable (maybe 700 or 750 for chmod)
3) if you put them in a directory that is accessable via the webserver then make sure they end in php so that if someone types in the include file's address it will be parsed and shouldn't output anything.
4) if you put them in a web readable directory the .htaccess protect them and make sure that you limit GET on it.
etc...

A good source for security is the security thread in the php forum.

These suggestion by no means that it is completely secure. Just make it as difficult as possible.

can you point me to more information about php include directory.

or how to create one?

cause i've no idea what that is =)

a php include directory is just a directory that is defined as much in the php.ini file. You can also set this at the script run time with ini_set().
What this allows is that you don't have to include a path (relative or actual)
i.e. include('some_file.php')
instead of
include('/var/share/php/some_file.php');
etc...

ohh.

so when i create the actual folder and set it to .ini

can i still do the rest of the things you mentioned? chmod, password protect and such?

ooooh, nevermind. it all makes sense now

thanks a million =)