dannyb785 Posted July 30, 2008

Hi, I have 2 main questions...

Firstly, since I have my MySQL username and password (and all connection info) in a .php file, I know it can't be read if accessed, so does that make it completely safe from anyone being able to read it and get the information?

Secondly, even if someone did have my login info for the database, would they really be able to use my database on their server? Because I connect thru 'localhost', which I've seen is the same for other hosts, so I imagine that 'localhost' on another server couldn't possibly connect to my server. Or am I wrong in that assumption?

Lastly, I'm sure most of you guys' FTP directories go like "root -> public_html -> files visible by all", so that if I have a file in public_html, anyone can access it. But what if I put it in the root folder, and then were to access the file by doing "../file.php" with an include? Would it work correctly, and if so, would that prevent others from being able to view it?

Basically, in summary, what is the absolute best, safest way to protect my database connection information?

rhodesa Posted July 30, 2008

Yes, you can put files outside of public_html and access them with an include. I would create another folder under root (sibling of public_html) to keep all of your included files (I usually call mine 'include').

Another thing you can do is to turn the display of PHP errors off. This way, if the connection fails, your username (which is in the error) isn't displayed: http://us3.php.net/manual/en/errorfunc.configuration.php#ini.display-errors

As for localhost, it's a universal alias for the current system. This doesn't mean others cannot connect if they get your name/pass. When creating the user (using phpMyAdmin), select to only allow connections from localhost. That will block any attempts to connect from outside sources.

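Added example, not part of the thread and not code from either poster: one way to combine the three suggestions above (config file in an 'include' folder beside public_html, display_errors off, a localhost-only MySQL user). The paths, the user name `app_user`, the helper `load_db_config` and the choice of PDO are assumptions made for illustration.

```php
<?php
// Assumed layout (hypothetical paths):
//   /home/example/include/db_config.php  <- sibling of public_html, not web-reachable
//   /home/example/public_html/index.php  <- this file
// db_config.php is assumed to be an opening <?php tag followed by:
//   return ['dsn' => 'mysql:host=localhost;dbname=app', 'user' => 'app_user', 'pass' => '...'];
// SQL equivalent of the phpMyAdmin "localhost only" choice (hypothetical user name):
//   CREATE USER 'app_user'@'localhost' IDENTIFIED BY '<password>';

// A failed connection must not print the username into the page; log it instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

function load_db_config(string $configPath, string $webRoot): array
{
    $real = realpath($configPath);
    $root = realpath($webRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or web root not found');
    }
    // Refuse a config file that has ended up under the web root.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file is inside the web root');
    }
    $cfg = require $real;
    if (!is_array($cfg) || !isset($cfg['dsn'], $cfg['user'], $cfg['pass'])) {
        throw new RuntimeException('config file did not return dsn/user/pass');
    }
    return $cfg;
}

try {
    $cfg = load_db_config(__DIR__ . '/../include/db_config.php', __DIR__);
    $db = new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
} catch (Throwable $e) {
    // Details go to the server log only; the visitor sees a generic message.
    error_log('DB setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}

echo 'Connected.';
```
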
dannyb785 Posted July 31, 2008

Good idea with creating a folder next to public_html! I'll surely do it. Same with setting the database to only allow localhost, that is important! I didn't know it had that feature to be set.

Thanks a bunch!