rohithreddyk Posted May 27, 2009 Share Posted May 27, 2009 hi.. I wan to know what is the best way to secure database username/password values.... till now what i am doing is have a config.php file which contains the req info and include it in all the php files where database connection is needed.. config.php $db_server = 'Localhost'; $db_name = '#####'; $db_username = '#######'; $db_password = '#######'; $link = mysql_connect($db_server,$db_username,$db_password); // Link to use in session connections to form dB based sessions if(!$link){ die("Could not connect to database!"); } $db = mysql_select_db($db_name,$link); if(! $db){ die("Could not select database!"); } and I am including this in all .php files where needed.. i want to know what are the security probs with using this and want to know the best way to do this Thanks in advance Link to comment https://forums.phpfreaks.com/topic/159888-secure-database-configuration-values/ Share on other sites More sharing options...
anupamsaha Posted May 27, 2009 Share Posted May 27, 2009 Do you want to hide DB access info from others? If yes, simply put the config file outside the web root directory and include the file from there in all the required script. Also, you can set the path of the config file include path directive in php.ini file, if possible or in .htaccess file. Hope this will help. Link to comment https://forums.phpfreaks.com/topic/159888-secure-database-configuration-values/#findComment-843292 Share on other sites More sharing options...
rohithreddyk Posted May 27, 2009 Author Share Posted May 27, 2009 prob is i dont have control over php.ini file.. and i dont have access to entire web root.. one folder was created by the admin and that folder is shared with me...i have all my .php files in that folder Link to comment https://forums.phpfreaks.com/topic/159888-secure-database-configuration-values/#findComment-843361 Share on other sites More sharing options...
PFMaBiSmAd Posted May 27, 2009 Share Posted May 27, 2009 Php code in a .php file IS secure, unless the php installation on your server breaks so that php code is no longer parsed at the same time someone is attempting to access your config.php file. You should put some code in the file to prevent the connection code from being executed if someone browses directly to the file - // detect direct access to included/required file if(strtolower(basename($_SERVER["SCRIPT_NAME"])) == strtolower(basename(__FILE__))){ exit('No Direct Access'); } Link to comment https://forums.phpfreaks.com/topic/159888-secure-database-configuration-values/#findComment-843369 Share on other sites More sharing options...
rohithreddyk Posted May 27, 2009 Author Share Posted May 27, 2009 thanks a lot...that helps Link to comment https://forums.phpfreaks.com/topic/159888-secure-database-configuration-values/#findComment-843372 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.