I've got two questions about PHP security with iOS App
Question 1 :
I build a iOS application and this app call PHP files but I want to restrict the access of this PHP file.
I want to reject the access to PHP files from the web.
Example : if a user fill a URL with www.mydomain.com/phpLocation/file.php I want to reject the user with HTTP 403 code.
How I can do it?
Question 2:
I create a connexion.php file who contains database information username, password... and I protect the access of this file with a .htaccess
It's enough to protect the database information?
Question 1
You can use this way (Check if PHP-page is accessed from an iOS device) but is a weak verification, because anyone can send this agents and by pass your security. A better way is to combine previous solution with some verification token or other http header, that only your iOS app will have. Still, people can steal this token and access your application, but it will be harder. Make sure you are using SSL.
Question 2
It should be, or anyone who uses Apache HTTP server will be doomed. But maybe you still want to put on some directory that only your SO has access. Any changes in this .htaccess can open your config file.