Sensitive information in the document root

Let's say you have a config.php that holds sensitive information like a DB user pa开发者_如何学JAVAssword. It is not recommended to store that file in the document root, right?

Why is that so and is it a safer approach to store sensitive information in the index.php of the document root?

For me, the first scenario that comes to mind is a misconfiguration that lets users download or view .php files, rather than parse them and present them as text/html. Say you perform an upgrade, something goes wrong, and Apache is no longer parsing your scripts. Somebody notices that Apache is sending your PHP files as plain text, and is able to open config.php and see the source code (and all the sensitive database configuration parameters inside).

To take this idea just a little bit further. Ideally you wouldn't store much more than a simple script that accesses your codebase, and your static files like images and css in the web root.

eg:

webroot/index.php
webroot/images/img1.jpg
webroot/images/img2.jpg
webroot/css/base.css

lib/myclass1.php
lib/myclass2.php

And your index.php would look something like this:

<?php
$CODEBASE = '/usr/home/wwwuser/wherever/it/is';

include $CODEBASE."/lib/myclass1.php";

$code = new MyClass1();
$code->doStuff();

?>

It's not a safer approach to store configuration data in index.php than config.php; they are both equally prone to being displayed if PHP somehow fails to parse their contents. The advantage to using a separate file for configuration data is that you may limit access to it, effectively preventing anyone from reading it over the HTTP protocol and keeping your data safe(r) even if PHP isn't parsing it.