Omzy Posted September 8, 2009 Share Posted September 8, 2009 By secure I don't mean military level security, just general security... This is what I currently insert at the top of my PHP scripts: $server="server"; $user="username"; $pass="password"; $connect=mysql_connect($server,$user,$pass); mysql_select_db("database"); Is this secure enough? Should I ought to use a different method? Link to comment https://forums.phpfreaks.com/topic/173605-secure-database-connection/ Share on other sites More sharing options...
Psycho Posted September 8, 2009 Share Posted September 8, 2009 I'm no expert, but I believe you need to send the connection info in clear text, so I think that trying to encrypt the password would be useless - you would have to include the functionality to unecrypt it in the script anyway. So, if someone had access to the config settings, they would also have access to the manner to unencrypt it. The best solution I cna think of is to NOT include the code with the database connection info within the webroot directory or sub directories. Put it in a directory not accessible via the web. Take a look at this tutorial: http://www.phpfreaks.com/tutorial/php-security/page1 Link to comment https://forums.phpfreaks.com/topic/173605-secure-database-connection/#findComment-915108 Share on other sites More sharing options...
dreamwest Posted September 8, 2009 Share Posted September 8, 2009 The best solution I cna think of is to NOT include the code with the database connection info within the webroot directory or sub directories. Put it in a directory not accessible via the web. Take a look at this tutorial: http://www.phpfreaks.com/tutorial/php-security/page1 True, anything thats included can be outside browser viewing areas, you never need to view it directly anyways Link to comment https://forums.phpfreaks.com/topic/173605-secure-database-connection/#findComment-915116 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.