Andrew You could move the connection info outside the web document tree and include it in your php scripts using an absolute path...e.g. Web server root is /home/httpdocs so you put config file in /home/phpconfigs and your scripts include('/home/phpconfigs/whatever.php'); NB If you have to run PHP with open_basedir and safe_mode enabled then this won't work My 0.02p Rich -----Original Message----- From: thelist-admin at lists.evolt.org [mailto:thelist-admin at lists.evolt.org]On Behalf Of Andrew Mesnay Sent: 14 August 2002 10:12 To: Thelist at Lists. Evolt. Org Subject: [thelist] php settings for DB access Interestingly I was looking through a couple of folers and came across a folder that contqined all the settings to connect to the DB, I put an index.html file in the folder but that didnt work everything still gets displayed?? whats the most secure way to counter this, any ideas Andrew $sitename = "htpp://www.name.co.uk"; #Insert your site name $support = "support at name.co.uk"; #Insert your support's email address $remove_url = "http://www.name.co.uk/mailing/remove.php3"; #Insert the url of the remove.php3 script $dbhost = "localhost"; #Insert your database host $dbname = "name"; #Insert your database name $dbuser = "user"; #Insert your database username $dbpass = "pass"; #Insert your database password --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/02 -- For unsubscribe and other options, including the Tip Harvester and archive of thelist go to: http://lists.evolt.org Workers of the Web, evolt !