rohithreddyk Posted May 27, 2009

Hi. I want to know what is the best way to secure database username/password values. Till now, what I am doing is having a config.php file which contains the required info and including it in all the PHP files where a database connection is needed.

config.php

    $db_server = 'Localhost';
    $db_name = '#####';
    $db_username = '#######';
    $db_password = '#######';

    $link = mysql_connect($db_server,$db_username,$db_password); // Link to use in session connections to form dB based sessions
    if(!$link){
        die("Could not connect to database!");
    }

    $db = mysql_select_db($db_name,$link);
    if(! $db){
        die("Could not select database!");
    }

And I am including this in all .php files where needed. I want to know what the security problems with using this are, and want to know the best way to do this.

Thanks in advance

anupamsaha Posted May 27, 2009

Do you want to hide DB access info from others? If yes, simply put the config file outside the web root directory and include the file from there in all the required scripts. Also, you can set the path of the config file in the include path directive in the php.ini file, if possible, or in a .htaccess file.

Hope this will help.

rohithreddyk (Author) Posted May 27, 2009

The problem is I don't have control over the php.ini file, and I don't have access to the entire web root. One folder was created by the admin and that folder is shared with me. I have all my .php files in that folder.

PFMaBiSmAd Posted May 27, 2009

PHP code in a .php file IS secure, unless the PHP installation on your server breaks so that PHP code is no longer parsed at the same time someone is attempting to access your config.php file.

You should put some code in the file to prevent the connection code from being executed if someone browses directly to the file -

    // detect direct access to included/required file
    if(strtolower(basename($_SERVER["SCRIPT_NAME"])) == strtolower(basename(__FILE__))){
        exit('No Direct Access');
    }

rohithreddyk (Author) Posted May 27, 2009

Thanks a lot... that helps.
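
Added example, not code from any post in this thread: a config.php for the shared-folder case that combines the direct-access guard above with credentials kept out of global scope. It uses mysqli because the mysql_* functions shown in the thread were removed in PHP 7; `db_connect()` and the placeholder credential values are assumptions.

```php
<?php
// config.php -- added example. Credentials are placeholders and
// db_connect() is a hypothetical name, not something from the thread.

// Direct-access guard. Comparing full resolved paths instead of basenames
// means an unrelated entry script that also happens to be called config.php
// can still include this file without tripping the guard.
$entry = isset($_SERVER['SCRIPT_FILENAME'])
    ? realpath($_SERVER['SCRIPT_FILENAME'])
    : false;
if ($entry !== false && $entry === realpath(__FILE__)) {
    header('HTTP/1.1 403 Forbidden');
    exit('No Direct Access');
}

function db_connect()
{
    // Local variables: the credentials never enter global scope, so a stray
    // var_dump($GLOBALS) or debug page in an including script cannot print them.
    $db_server   = 'localhost';
    $db_name     = 'DB_NAME_PLACEHOLDER';
    $db_username = 'DB_USER_PLACEHOLDER';
    $db_password = 'DB_PASSWORD_PLACEHOLDER';

    // Make connection failures throw, so they are handled in one place.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    try {
        $link = mysqli_connect($db_server, $db_username, $db_password, $db_name);
    } catch (mysqli_sql_exception $e) {
        // Catch here: an uncaught exception's stack trace can be shown to the
        // visitor when display_errors is on. Details go to the server log only.
        error_log('Database connection failed: ' . $e->getMessage());
        header('HTTP/1.1 500 Internal Server Error');
        exit('Could not connect to database!');
    }

    return $link;
}
```

Including scripts would use `require_once` on this file and then call `$link = db_connect();`.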