Ideally I would prefer not to have a password for a database in its raw form in a config file.
Is there a way that pdo mysql connect accepts an md5 or sha1 version?
The best way is to restrict access to the server by IP address, like dogmatic69's suggestion: use 127.0.0.1 if the database server is on the same server as the web server, or use the IP address of the web server if the database server is on a different server.
1) make the file only accessible to www-data.
2) never use a username/pw combo that has more privilege than needed (e.g. no grant, drop, create etc., only select, insert)
3) make mysql only accept connections from 127.0.0.1
If someone has access to your box you have more problems than worrying about your applications db password.
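An added example, not part of the original answers: a small shell audit of the three numbered steps above. The function names, the numeric uid argument (for example the output of `id -u www-data`), and the file holding saved `SHOW GRANTS` output are assumptions of this example.

```shell
#!/bin/sh
# Added example: audits the three steps from the answer above.
# All paths and the uid are supplied by the caller; nothing is hard-coded.

# Step 1: FILE must be a regular file owned by numeric uid OWNER_UID with
# no group/other permission bits. Returns 0 ok, 1 too open or wrong owner,
# 2 if the file cannot be inspected.
check_secret_file() {
    csf_line=$(ls -ldn -- "$1" 2>/dev/null) || return 2
    csf_mode=$(printf '%s\n' "$csf_line" | awk '{print $1}')
    csf_uid=$(printf '%s\n' "$csf_line" | awk '{print $3}')
    case "$csf_mode" in
        -???------*) ;;            # e.g. -rw------- or -r--------
        *) return 1 ;;
    esac
    [ "$csf_uid" = "$2" ]
}

# Step 2: FILE holds saved `SHOW GRANTS` output for the application account.
# Returns 0 only if every privilege is USAGE, SELECT or INSERT and no line
# carries WITH GRANT OPTION.
grants_minimal() {
    if grep -q 'WITH GRANT OPTION' "$1"; then return 1; fi
    ! sed -n 's/^GRANT \(.*\) ON .* TO .*/\1/p' "$1" | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -q -v -x -e USAGE -e SELECT -e INSERT
}

# Step 3: print the bind-address from the [mysqld] section of a my.cnf-style
# FILE (last occurrence wins); empty output means it is not set there.
mysqld_bind_address() {
    awk '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_mysqld && /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); val = $0
        }
        END { print val }
    ' "$1"
}

# Passes only when [mysqld] explicitly binds to 127.0.0.1.
bind_is_loopback() {
    [ "$(mysqld_bind_address "$1")" = "127.0.0.1" ]
}
```

A typical run would be `check_secret_file /path/to/config "$(id -u www-data)"`, `grants_minimal grants.txt` and `bind_is_loopback /etc/mysql/my.cnf`, with the paths adjusted to the installation.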