Omzy Posted September 8, 2009 Share Posted September 8, 2009 By secure I don't mean military level security, just general security... This is what I currently insert at the top of my PHP scripts: $server="server"; $user="username"; $pass="password"; $connect=mysql_connect($server,$user,$pass); mysql_select_db("database"); Is this secure enough? Should I ought to use a different method? Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 8, 2009 Share Posted September 8, 2009 I'm no expert, but I believe you need to send the connection info in clear text, so I think that trying to encrypt the password would be useless - you would have to include the functionality to unecrypt it in the script anyway. So, if someone had access to the config settings, they would also have access to the manner to unencrypt it. The best solution I cna think of is to NOT include the code with the database connection info within the webroot directory or sub directories. Put it in a directory not accessible via the web. Take a look at this tutorial: http://www.phpfreaks.com/tutorial/php-security/page1 Quote Link to comment Share on other sites More sharing options...
dreamwest Posted September 8, 2009 Share Posted September 8, 2009 The best solution I cna think of is to NOT include the code with the database connection info within the webroot directory or sub directories. Put it in a directory not accessible via the web. Take a look at this tutorial: http://www.phpfreaks.com/tutorial/php-security/page1 True, anything thats included can be outside browser viewing areas, you never need to view it directly anyways Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.