How to hide database password in php
im a total beginner in web programming. Im trying to create a simple website that is reading data from a SQL Database. At first i just wrote my database password and login directly into the php code: Show
This obviously isn't a very good idea! So what is a (much) more "secure" way to do this? I read about putting the php code into a seperate file, meaning not into the main php document of the website, and then restricting the access to that file. Maybe by a .htaccess file. Is this the way to go? asked May 11, 2011 at 10:01
4
The As pointed by File structure example :
That way, http://www.your-site.com/ points to Finally, you have to remember to set this file readable and writeable by the Apache user only, not everyone (unix file access rights), so that if someone gain access to you server through another user, he can't read the file. answered May 11, 2011 at 10:05
Matthieu NapoliMatthieu Napoli 46.4k44 gold badges163 silver badges254 bronze badges 0 You normally put this in a configuration file and you access the configuration values via PHP. Usually a project is organized such that your application code and your configuration code is outside your webroot and only your public resources (index.php, images, scripts or other resources) are available via direct access. answered May 11, 2011 at 10:05
JohnPJohnP 48.9k13 gold badges108 silver badges138 bronze badges 4 A database connection file may contain confidential information like the following: The confidential information includes database name, username and password for connection. Therefore, putting your database connection file in the document root of httpd might leave chances for
hackers to attack your data. A better solution is to move the file out of document root of httpd. For instance, if the database connection file is under the document root: /var/www/html/db.inc, you can create a directory /var/www/db outside the document root for your database connection file to store itself. Here are the steps: The new location of
this file will be /var/www/db/db.inc Please note that, PHP allows you to use absolute paths to require files, which are more accurate than relative paths in many ways. How can I protect my database password in PHP?We have solved it in this way:. Use memcache on server, with open connection from other password server.. Save to memcache the password (or even all the password. ... . The web site, calls the memcache key holding the password file passphrase and decrypt in memory all the passwords.. Is it safe to store password in PHP?The best way is to store password above your root directory. If you decide to have password in php file then no body would able to view because php files are excuted in the server. But if the server does not support php then those files will be delivered as text files and any one can see the password.
What is password control in PHP?User has to create a password and use it for login to the website. But it is very important to secure the password of the user. password_hash() function provides the facility to securely store the password of the user to the database.
|