Having this strtucture in a PHP proyect:
htdocs/
project_name/
conf/
db_info.xml
html/
index.php
index.php is reading db_info.xml
The owner and group of this project is and user created for it.
DOCUMENT_ROOT is htdocs/project_name/html/
Is insecure to set 644 the file with the DB info and credentials (db_info.xml)?
Read permision for all could be a security issue or let folder named 'conf' out of the DOCUMENT_ROOT shouldn't be a problem?