Idea: Add /public directory to webroot to hide connection.php
connection.php
does contain DB credentials. It does not show anything to the user when accessed via browser, but it should not be served by the webserver nevertheless.
This change does require the change of the include
expression's paths to be adjusted to request the directory above (../connection.php
).