How to secure database passwords in PHP?

后端 未结 16 1226
闹比i
闹比i 2020-11-21 22:41

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I\'m using a single, minimum-permission login for my applica

16条回答
  •  悲&欢浪女
    2020-11-21 23:33

    An additional trick is to use a PHP separate configuration file that looks like that :

    
    
    [...]
    
    Plain text data including password
    

    This does not prevent you from setting access rules properly. But in the case your web site is hacked, a "require" or an "include" will just exit the script at the first line so it's even harder to get the data.

    Nevertheless, do not ever let configuration files in a directory that can be accessed through the web. You should have a "Web" folder containing your controler code, css, pictures and js. That's all. Anything else goes in offline folders.

提交回复
热议问题