Using config.ini for a project

I'm working on a project with PHP. I was planing to use a file called config.ini for gathering some set开发者_如何学运维tings including database information (password, username, name etc..).

I thought about .htaccess code to secure config.ini file

<Files config.ini>
order allow,deny
deny from all
</Files>

My question is if this will provide enough protection for config.ini file. In the end, I wouldn't like any user / visitor to see config.ini or access file if they don't have FTP account access.

Maybe this is a bad approach, I will be glad if you can share your experiences. I would like to go with ini file, maybe changing some settings in server might help to secure it better?

I would personally recommend keeping the whole configuration file outside your http root, if possible. I think your setting should be enough to block access to it, though.

It shouldn't be in your DocumentRoot at all, that's the best thing you can do. Also, set his permissions so that it can be read only by permitted users on the server.