Securing your .ini file:
“ini files are generally treated as plain text by web servers and thus served to browsers if requested. That means for security you must either keep your ini files outside of your docroot or reconfigure your web server to not serve them. Failure to do either of those may introduce a security risk.”
Alternatively, you can save you file as:
stuff.ini.php
add this to the beginning:
;<?php die('go away'); ?>
The semicolon at the beginning is treated as comment, so this line has no effect on the ini file.
Since the file has a .php extension, it will run through the PHP interpreter if you attempt to access this file directly, and the php block will be processed and exit.
The file extension has no ill effect on the parse_ini_file() function, and the .ini part is, of course, a matter of taste.
