Re: Best practice regarding MySQL username/pw in script file??



cewyattjr@xxxxxxxxx wrote:
So I'm a relative noob with PHP/MySQL. Here's my question -- seems
pretty questionable from a security standpoint to have the MySQL
connection usernames/pw's embedded in PHP scripts all over a site. Is
there a better practice? Would something like this in every page be
better:

<?php include ("../passwordprotected/SinglefilewithPHPlogininfo.php"); ?>
Database login info is still sitting in that file in clear text, but
seems better than multiple clear-text copies all over a site. Are
there better methods?

The best IMHO is to have an include file that is outside the directory that the web server has access to. We assume you have a *nix-based system and are working on your personal homepage:

your home directory would be ~/
your homepage directory would be ~/html_public (depends on the webserver configuration)
your mysql password/login could be stored in ~/myloginpass.php

This way there is no way that the file can be accessed by a user accessing the site with a web-browser.

Store the password and login as variables in ~/myloginpass.php, which you can then use in your scripts after you have included the file.


Example:

---- ~/html_public/index.php ----
<?PHP
/* For the include we use the absolute path, so the file will for sure be included */
include_once('/home/username/myloginpass.php');
$link = mysql_connect('localhost', $db_login, $db_pass);
/* here add the rest of your code */
?>
---- end of example file ----

---- ~/myloginpass.php ----
<?PHP
$db_login="someusername";

$db_pass="secretpassword";
?>
---- end of example file ----



//Aho
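
An added example, not part of the original post: a loader that refuses a credentials file located under the document root or with permissions that are too open, and keeps the variables out of global scope. The helper name `load_db_credentials()`, the permission policy and the temporary demo paths are assumptions.

```php
<?php
// Added example; load_db_credentials() is a hypothetical helper, not from the post.
// Assumes a *nix host where the web server reads the file as owner or via group.
function load_db_credentials(string $credFile, string $docRoot): array
{
    $cred = realpath($credFile);   // resolves symlinks and ../ segments
    $root = realpath($docRoot);
    if ($cred === false || $root === false) {
        throw new RuntimeException('credentials file or document root not found');
    }
    // Reject a file at or below the document root: it could be served as
    // plain text if PHP handling on the server is ever misconfigured.
    $prefix = rtrim($root, '/') . '/';
    if (strncmp($cred . '/', $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('credentials file is inside the document root');
    }
    // Reject any access for "other" and write access for "group".
    $mode = fileperms($cred) & 0777;
    if ($mode & 0027) {
        throw new RuntimeException(sprintf('credentials file mode %04o is too open', $mode));
    }
    // Included inside the function, so $db_login and $db_pass stay local
    // instead of becoming globals visible to the rest of the script.
    require $cred;
    if (!isset($db_login, $db_pass)) {
        throw new RuntimeException('file did not define $db_login and $db_pass');
    }
    return ['user' => $db_login, 'pass' => $db_pass];
}

// Constructed demo: a throwaway layout mirroring the post's ~/ and ~/html_public.
$home = sys_get_temp_dir() . '/credsdemo_' . getmypid();
mkdir("$home/html_public", 0700, true);
file_put_contents("$home/myloginpass.php", '<?php $db_login="someusername"; $db_pass="secretpassword";');
chmod("$home/myloginpass.php", 0640);
$c = load_db_credentials("$home/myloginpass.php", "$home/html_public");
echo "loaded credentials for {$c['user']}\n";

// The same file copied into the web root is refused.
copy("$home/myloginpass.php", "$home/html_public/leak.php");
try {
    load_db_credentials("$home/html_public/leak.php", "$home/html_public");
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
unlink("$home/html_public/leak.php"); unlink("$home/myloginpass.php");
rmdir("$home/html_public"); rmdir($home);
```

In a page script, the returned `$c['user']` and `$c['pass']` take the place of `$db_login` and `$db_pass` in the connect call.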