Storing DB Credentials
Question
I want to make secure connection to my database, hence I've tried to locate a file outside public_html , but for some reason (which I guess depends on my host) I cannot do it. I've thought about creataing a credentials.php file, and adding the following .htaccess rule:
<files credentials.php>
order allow,deny
deny from all
</files>
And then importing credentails.php is needed. I would like to know if using include("credentials.php") in a file which is not protected by .htaccess won't reveal the credentials. Thanks in advance.
2 answers
solution1
0 2014-08-17 15:28:23
As far as I know, php-code isn't visible for the client. Php is executed server-side and then sent to the client. (Surf to any php site and check the source code). The only way to get a php-file is to download it (but i'm not sure how one would do that).
So I think you are fine doing what you do :) (if I'm wrong please correct me, This is what i've always learned, and it would be great to know if I'm wrong).
solution2
0 2014-08-17 15:29:27
除非您通过GET打印或发送凭据,否则服务器外部的任何人都不会看到它们,因此甚至不需要使用.htaccess。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.