
How can I secure my database credentials when using shared hosting and no access to outside the webroot?

I have all of my database credentials within an include file that I wanted to place outside of my webroot file.

However, my shared hosting plan does not allow me to place files outside of the webroot. Would I have to look at encrypting my file in some way to make sure my credentials are secure?

I had read a method to produce a kind of fake 404 page, but that doesn't sound very secure to me at all.

I've also taken the step of creating a read-only user account so that if my account is compromised then at least nothing can be overwritten or dropped, but I obviously want to be as secure as I can given the limitations.

You can't.

The best that is possible is to create a PHP file which will be interpreted by the hosting service.

<?php
// Credentials only: the file produces no output when requested directly.
$DB_USER = 'your_user';
$DB_PASS = 'your_pass';
$DB_INSTANCE = 'your_instance';

When someone accesses your file from a web browser, he won't see anything. When you need your file, just include it.

You could also add some .htaccess (probably) so that no one using a web browser will be able to access your file.

Someone who has read access to the same physical host as you will sadly be able to access this file, and there is no way to prevent that.

If the server is running Apache and you are allowed to override the directives, then this could be achieved by creating a .htaccess file in the webroot with the following lines. Be sure to replace <FILENAME> (including the <>) with the name of the file you would like to deny access to.

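# Order/Deny is Apache 2.2 syntax; Apache 2.4 without mod_access_compat
# uses "Require all denied" in place of the two lines inside each block.

# Deny access to the .htaccess file
<Files ~ "^\.htaccess">
Order allow,deny
Deny from all
</Files>

# Deny the database file (the name is a regex: write dots as \.)
<Files ~ "^<FILENAME>$">
Order allow,deny
Deny from all
</Files>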
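A way to check that a credentials file left inside the webroot has the protections both answers describe (parsed as PHP with no stray output, covered by an .htaccess deny block, not readable by other accounts). This is an added example, not code from the original posts; the finding names, the sample files `db.php` and `db.inc`, and the use of Python's `re` as a stand-in for Apache's regex engine are assumptions, and whether the file mode can be tightened depends on how the host runs PHP.

```python
import fnmatch, os, re, stat, tempfile
from pathlib import Path

BLOCK = re.compile(r'<Files(Match)?\s+(~\s+)?"?([^">]+)"?\s*>(.*?)</Files(?:Match)?>', re.I | re.S)
DENY = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I | re.M)

def htaccess_denies(htaccess_text, name):
    """True if a <Files>/<FilesMatch> block covering `name` denies all access."""
    for is_match, tilde, pattern, body in BLOCK.findall(htaccess_text):
        # Apache uses PCRE; Python's re is a close approximation for simple patterns.
        hit = re.search(pattern, name) if (is_match or tilde) else fnmatch.fnmatch(name, pattern)
        if hit and DENY.search(body):
            return True
    return False

def audit(path):
    """Findings for a credentials include that has to live inside the webroot."""
    path, findings = Path(path), []
    text = path.read_text(encoding="utf-8", errors="replace")
    if path.suffix.lower() != ".php":
        findings.append("not-php-extension")        # may be served as plain text
    if not text.startswith("<?php"):
        findings.append("output-before-open-tag")   # bytes outside PHP tags are sent as-is
    close = text.find("?>")
    if close != -1 and text[close + 2:].strip():
        findings.append("output-after-close-tag")
    if path.stat().st_mode & stat.S_IROTH:
        findings.append("world-readable")           # other accounts on the host can read it
    ht = path.parent / ".htaccess"
    rules = ht.read_text(encoding="utf-8") if ht.exists() else ""
    if not htaccess_denies(rules, path.name):
        findings.append("no-htaccess-deny")
    return findings

def demo():
    """Build two constructed webroots and audit the credentials file in each."""
    good, bad = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    files = {
        good / "db.php": ("<?php\n$DB_USER = 'your_user';\n", 0o600),
        good / ".htaccess": ('<Files ~ "^db\\.php$">\nOrder allow,deny\nDeny from all\n</Files>\n', 0o644),
        bad / "db.inc": ("DB_USER=your_user\n", 0o644),
    }
    for path, (content, mode) in files.items():
        path.write_text(content, encoding="utf-8")
        os.chmod(path, mode)
    return audit(good / "db.php"), audit(bad / "db.inc")

if __name__ == "__main__":
    print(demo())
```

An empty list means every check passed; the deny rule still has to be confirmed against the live server, since the host may not honour .htaccess overrides.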
