发表新帖
发表新帖

Best Practices for creating a PHP INI/CONFIG file and keep it secure

后端 未结
关注
3 1298
情书的邮戳
情书的邮戳 2021-02-10 10:45

I always used a normal PHP file and just defined the variables in that file, but is this considered best practice?

Example:
相关标签:
3条回答
  • 余生分开走
    2021-02-10 10:54

    unless someone has access to your PHP source code that is secure.

    however I would make sure the file is outside of the document root to prevent problems IF for some reason php gets turned off on the website and all of a sudden people can see the source of your files :).

    0 讨论(0)
  • 予麋鹿
    2021-02-10 10:56

    It is quite safe and I don't think there is any best practice for constants, but I tend to gather them in a dedicated Constants class for readability:

    class Constants {
    const DB_PASS = 'mypass';
}
    0 讨论(0)
  • 天涯浪人
    2021-02-10 11:04

    Naming your PHP file something that begins with .ht (for instance .htconfig.inc.php) also helps, since Apache usually has a rule never to serve any files that are named .ht*. But placing your file outside of the document root is even better.

    0 讨论(0)
 看不清?
提交回复
热议问题