I have a .ini file with sensitive information in my PHP web app. I denied access to it using a .htaccess file:

<files my.ini>
  order deny,allow
  deny from all
</files>

I don't have access to folders outside of htdocs, so I can't move the .ini file out of browsable territory.

Is my solution safe?

+1  A: 

The file will not be visible from Apache. Obviously the best option is to put it outside of your site's root. If you can't do that, .htaccess files (or similar directives in your Apache configs) are pretty much your only option.

Jeremy Cantrell
+1  A: 

The .htaccess will block access from the web. However, if you're using a shared hosting environment, it might be possible for other users to access your ini. If it's on a (virtual private) server and you're the only user for that server, you're safe.

In case of shared hosting it depends on server configuration. For more info read: PHP Security in a shared hosting environment

You can temporarily install PHPShell and browse through the server filesystem to check if your server is vulnerable. (Requires some command-line knowledge.)

Bob Fanger
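
The shared-hosting concern in the second answer comes down to filesystem permissions, which the .htaccess rule does not touch. The following check is an added example, not part of the original answers: the function names `other_bits` and `world_readable` and the demo directory tree are hypothetical, and it inspects only the Unix mode bits of the file and its parent directories.

```shell
#!/bin/sh
# Added example: function names and the demo tree are hypothetical.

# Print the three "other" permission characters of PATH, e.g. "r-x".
other_bits() {
    ls -ldL -- "$1" | cut -c8-10
}

# world_readable FILE [STOP_DIR]
# Returns 0 if FILE has the other-read bit set and every directory from
# FILE's parent up to STOP_DIR (default /) is traversable by "other".
# Returns 1 if the mode bits keep other accounts out, 2 on a bad path.
# Mode bits only: tenants whose PHP runs as the same system user as
# yours are not covered by this check.
world_readable() {
    file=$1
    [ -e "$file" ] || return 2
    case $(other_bits "$file") in
        r*) ;;
        *) return 1 ;;
    esac
    dir=$(cd "$(dirname -- "$file")" && pwd -P) || return 2
    stop=$(cd "${2:-/}" && pwd -P) || return 2
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;          # x, or x plus sticky bit
            *) return 1 ;;
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then
            return 0
        fi
        dir=$(dirname -- "$dir")
    done
}

# Constructed demo tree: htdocs/my.ini at 0644, then tightened to 0600.
demo=$(mktemp -d)
mkdir "$demo/htdocs"
chmod 755 "$demo" "$demo/htdocs"
: > "$demo/htdocs/my.ini"
chmod 644 "$demo/htdocs/my.ini"
world_readable "$demo/htdocs/my.ini" "$demo" && echo "0644: other accounts can read my.ini"
chmod 600 "$demo/htdocs/my.ini"
world_readable "$demo/htdocs/my.ini" "$demo" || echo "0600: other-read bit is off"
rm -rf "$demo"
```

Tightening the file to 0600 only works when PHP runs as the file's owner; if the web server reads it as a different user, the application loses access too.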