alternative methods to protect files by placing them above the root of the server

My current hosting company cannot a开发者_Go百科llow me to place any content above the server root. So i have no way to protect those config.php files from those evil people. I know a way to stop them being accessed by browsers (fake 404 messages) but it's very easy to get pass that.

do you guys know any other way to protect files from users but allow php scripts to access them?

If your hoster allows the use of .htaccess files you could add a file called .htaccess into the desired directory with the content:

deny from all

So nobody can acces the files in this directory (but your php interpreter should still be able to).

You could give a custom extension those files and then protect them with an .htaccess file denying access to them. Something like the following:

    <Files config.php>
            Order allow,deny
            deny from all
    </Files>

If you're using a config.php, just set some variable in your main script like "$include_config" and then check for it in your config file itself. If the variable is not there, use die(); and nothing at all will be output by config.php