I am replacing an existing very old site written in another lang with a newly-coded php site and I need to double-check a couple of things with respect to security. Website will be running on Windows 2008 R2 using IIS 7.5 and running php 5.3.8.
I am storing db login creds in a file outside of web root. But in my php code I have to include those files and I am using an absolute path. Will php and/or IIS strip out the file path. (I imagine the answer is yes since competing technologies would do likewise, but need to be sure on this and couldn't find the answer.)
On a related point, what is the best place to keep .js files? Is it better security-wise to keep them outside of web root?
Sorry for the basic questions, but am new to php (long time programmer in other langs).