Sorry if this is a dumb question.

I would like to keep my PHP source code from being directly viewed or copied.  I know this means keeping the PHP source out of the public web document tree on my website but I don't know how to do that.  

I think I need to put my PHP source in a directory that is not on the public document tree and then I need to somehow tell Apache that when it sees:



it should actually execute:



Can anyone please tell me how to do this?
Thanks!!![/code]

Hi Stephan,

It's probably due to the fact I've just joined, but I'm missing something here:

> The only way for someone to get it is via the CPanel
> or FTP (and possibly frontpage) if they have your password.

If someone knows which server I'm on and my username (i.e. my home directory), then can't they still browse my area since the default permissions on the directories are "world=read"?  Maybe not with an FTP program (browsing above a user's home directory can be disabled, right?), but what about a cute little PHP script that can parse higher-level directories such as /home?  Is this blocked somehow?

The reason I'm concerned is that this affects the security of mySQL passwords, which are usually sitting in ascii format within a php script.  Just the thought of ascii passwords makes me feel queasy...

Thanks,
Dan