How to store db connect information is secure?
Question
I developed a php application, and I have a config.php , which store the constant use among the application, in this file, it included all the important information, such as the Mysql server address, port number, user name and passwords. I am worry about someone can get the file, and do something that I don't want, how can I protect this file? Thank you.
2 answers
solution1
3 2011-03-27 08:33:31
- Practice general good password security (don't use dictionary words etc)
- It is good practice to name the file with a .php extension, as you have done, because then the web server is unlikely to be tricked into serving the file as plaintext.
- Make sure config.php is stored outside of web root. That means that if something were to go wrong with your server configuration and it started serving PHP files up as plaintext, you wouldn't leak your database password (because no-one would be able to request config.php).
- Make sure the database credentials are appropriately-named constants, rather than variables. This makes it less likely that you might somehow use them inappropriately (for example, if the password was
$passwordrather thanDB_PASSWORDyou might do something with the$passwordvariable in the global scope, forgetting that it's in use - unlikely, but a small possibility).
solution2
1 2011-03-27 08:35:04
Normally it is just stored in a php file, you can make if belong to the www-data user or what ever your web server is using. If someone does have access to your server they won't be able to open it
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.