Where is the most secure place to put MySQL connection details for PHP

Question

Where is the most secure place to put MySQL database connection details when connecting via a PHP script?

$connection = mysql_connect($hostname, $username, $password);
if (!$connection) {die('Could not connect: ' . mysql_error());}
mysql_select_db($database, $connection);

I know it's not a good idea to put them directly in the script that is querying the database. However, some say that you should put the connection details in a separate PHP script and include that script to connect.

Is there a more secure place to put the connection details?

Answer 1

The usual practice is to put them into a separate file, and put that outside the web root. See this answer for details.

Answer 2

You may want to put it in a directory that is not in the webapp hierarchy, to prevent a browser from having any chance to access it.

Depending on your level of paranoia, you could write a webservice that is behind a firewall, and call for the credentials, but that may be overkill.

It would help if we understood your architecture, is it just php script goes to database, then the first suggestion would be best, if you have firewalls, for example, then you will have more options.

Answer 3

如果您的操作系统具有合理的安全功能，那么只要该文件属于具有最小可能权限的组，则无关紧要。