How to secure database configuration file in project? [duplicate]

巧了我就是萌 提交于 2019-11-29 08:23:40

问题


This question already has an answer here:

  • How to secure database passwords in PHP? 16 answers
  • a better approach than storing mysql password in plain text in config file? 7 answers

I have created on php file for establishing connection with database server. In this file, i am using mysql_connect() function with parameters host, username and password of my database server.

public class DatabaseConnect
{
function __construct()
{
    mysql_connect('localhost','username','password') or die('Could not connect to mysql server.');
    mysql_select_db('databasename');
}

}

Now in this case, username and password are visible to others.

I found one more way to secure the value i.e. mysql.default_user and mysql.default_password. In which scenario we have to this way?

Or how could i secure my values from others?


回答1:


You can try to put your database credentials in separate file with proper UNIX permissions set, for example 644, and then include this file on top of your script.

The configuration.php file will look like:

<?php
define (DB_USER, "mysql_user");
define (DB_PASSWORD, "mysql_password");
define (DB_DATABASE, "database_name");
define (DB_HOST, "localhost");
?>

Your original script will look something like this:

require ("configuration.php");
public class DatabaseConnect
{
function __construct()
{
    mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die('Could not connect to MySQL server.');
    mysql_select_db(DB_DATABASE);
}

}



回答2:


Now in this case, username and password are visible to others.

Only to those, that have access to your source code. This should not be a problem. But if you want to separate code and database credentials, make sure that the configuration file is located outside the web root.



来源:https://stackoverflow.com/questions/14952853/how-to-secure-database-configuration-file-in-project

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!