堆栈内存溢出
  简体   繁体   English

以安全的方式存储MySQL连接数据

[英]Store MySQL connection data in a secure way

 原文  2014-05-22 06:37:22       php/ mysql/ security/ web

问题描述

Hello fellow web developers 网络开发人员大家好

I am developing website with PHP and MySQL and I need a secure way to store the MySQL connection data (ie host, username and password) in a secure way. 我正在使用PHP和MySQL开发网站,我需要一种安全的方式以安全的方式存储MySQL连接数据(即主机,用户名和密码)。

I have found many answers to this question, and the best one I found is to store them in the php.ini file. 我找到了这个问题的许多答案,而我发现的最好的答案是将它们存储在php.ini文件中。 I also realized that the key of securing such data is to store them outside of your home directory (like htdocs if you are working with xampp or public_html if you are hosting your website somewhere). 我还意识到保护此类数据的关键是将其存储在主目录之外(如果使用xampp则使用htdocs,如果将网站托管在某处则使用public_html )。

I'm storing them now in the php.ini file, but I won't have access to it once I upload my website. 我现在将它们存储在php.ini文件中,但是一旦上载网站,我将无法访问它。

what should I do? 我该怎么办?

1 个解决方案

解决方案1
 1 已采纳  2014-05-22 06:45:20

It's not necessary to put the credentials in php.ini. 不必将凭据放在php.ini中。 They're no more safe there than any other file outside your HTTP document location(s). 它们在那里没有HTTP文档位置之外的其他任何文件安全。

It's sufficient to store the connection parameters in any PHP file outside any directory that your HTTP requests can reach directly. 将连接参数存储在HTTP请求可以直接到达的任何目录之外的任何PHP文件中就足够了。 Ie don't put it in DocumentRoot or in any other Location that your HTTP server can reach. 即不要将其放在DocumentRoot或HTTP服务器可以到达的任何其他Location

And make sure your server itself doesn't get compromised. 并且确保您的服务器本身不会受到威胁。 If someone can hack in and get direct access to files or processes on your HTTP server, the database credentials are not your greatest worry. 如果有人可以入侵并直接访问HTTP服务器上的文件或进程,则数据库凭据不是您最大的担心。

If you have no access to any folder outside your domain folder, can you at least set up a .htaccess file to deny from all so that no HTTP request can have direct access to the file (or directory) where you store private data? 如果您无权访问域文件夹之外的任何文件夹,是否可以至少将.htaccess文件设置deny from all以便没有HTTP请求可以直接访问存储私有数据的文件(或目录)? Of course PHP code can still read such files with include or require . 当然,PHP代码仍然可以使用includerequire读取此类文件。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 安全的方式将数据存储在数据库中 - Secure way to store data in database 在MySQL中插入和检索数据的安全方法 - Secure way to insert and retrieve data to and from MySQL 安全的MYSQL连接详细信息 - Secure MYSQL connection details 用Python保护MySQL连接 - Secure MySQL Connection in Python 在php会话中存储安全用户数据的最佳方法是什么? - What is the best way to store secure user data in php sessions? 保护 PHP web 服务/相关连接数据的最佳方法? - Best way to secure a PHP web service / relevant connection data? PHP和MySQL连接更安全 - PHP & MySQL connection more secure 安全的Propel连接,远程MySQL - Secure Propel connection, remote MySQL 将表单数据写入MYSQL数据库的最快,最安全的方法是什么 - Whats the quickest and most secure way to write form data to a MYSQL database 安全的mysql表单数据 - secure form data for mysql
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM