I am creating a web application in php. In order to provide security to the code, I am writing database connection and other confidential scripts in a file called functions.php.
And i am hosting this file on my server at example.com/functions.php.
In my clients application(which is an external site-example2.com), i will simply include my functions.php file which is on my server as
include 'example.com/functions.php';
Is there any way so that the client can hack and view the code in functions.php file which is on my server ?
If yes, How ? and what are the measures to prevent it.
There is no way your client could see a code of a php executed script. As a further measure i recommend you use ioncube or similar file encrypting services if you are to distribute( not just include) your code to clients. Your client must have certain settigns enabled on the server, like allow_url_include, which in turn requires allow_url_fopen to be on. Most of the time these will be off for security reasons.