Steal someones php code or settings?

Is there a way to download a php file from a website? I want to make sure my php files and settings are secure so no one can get into my sql database or see my password information or see any of my php code. What are some secure methods i can do to make sure no one can steal my php code or settings ?

The company i work for recently created custom php code that our customers will go to our site and type in personal information and order certain products, i just want to make sure there is no way a person can try to access our files ( we have customers personal information on our server ) since all the files will be on our server... Anyone have more input on this ?

Hi David,

3 Suggestions:

1. Secure your include files - With regard to them "downloading" your source, you should be fine so long as everything is setup correctly. Do all your source files have a .php extension? If so, then if they call them, they will run and not download. However, if you have a different extension for included code, then make sure those are secure. For example, if you use .inc as an included file, try browsing directly to that file:
    
   http://www.yoursite.com/includes/MainLib.inc
    
   If you don't have that file associated correctly on the server, the source code will popup in the browser. Granted, they still have to guess the filename but they sometimes can list or discover them.
    
2. Don't allow browsing. Make sure empty folders are not browsable. Create a test folder and try browsing to it. You should NOT see a list of files, if you do, fix that.
    
3. Harden Your Code - You might want to read my security tips article and implement the suggestions in there. They definately apply to PHP code. 
    
   Security Tips: 13 Ways to Harden Your Code
    
   I also linked that article to the top so this thread shows up on the bottom of it.

That's about all the suggestions I can think of right now. Security is about layers so the more you do, the better.