Where to store MySQL credentials in PHP scripts?

Question

I know I need to store my login information outside of my web root in case Apache is cracked, but I am unsure of what my \'web root\' is, where to store my login information

Answer 1

Typically, I use a folder outside my webroot for application code (functions, etc..) including the mysql connecting php. I create a folder (/home/user/application or similar) and make a mysqlconnect.php file there with the code to connect to mysql or error out. Then, make sure that the path (/home/user/application/ is in the include directory, and at the top of index.php(index.html), include:

It is also good advise to store any password obfuscation code in this way, so that your method, dynamic salt, and static salt can not be compromised in a similar way.

Hope that helps