PigsHidePies Posted September 7, 2006 Share Posted September 7, 2006 I was wondering if there was a way to either hide or encrypt the password in a connection request to a mysql database. I am using:@ $db=new mysqli('localhost', 'username', 'password', 'database');This doesnt seem like a good idea to me to have a plaintext password hardcoded into the script. Any alternatives are appreciated. thanks Link to comment https://forums.phpfreaks.com/topic/20048-encrypting-password-in-mysqli-connection/ Share on other sites More sharing options...
obsidian Posted September 7, 2006 Share Posted September 7, 2006 one way i like to do it is have my variables set in another file. for instance, i'll have something like this:[code]<?php// inc.config.php$dbConn = array( 'user' => 'username', 'pass' => 'password', 'name' => 'database', 'host' => 'localhost');?>[/code]then, just require your config file and use the variables in your connection string:[code]<?phprequire('inc.config.php');$conn = mysql_connect($dbConn['host'], $dbConn['user'], $dbConn['pass']);if (!$conn) { die("Couldn't connect to database!");}mysql_select_db($dbConn['name'], $conn);?>[/code]this way, if you're concerned about security, you could even have this file below your web root to restrict web access and include from there.hope this helps. Link to comment https://forums.phpfreaks.com/topic/20048-encrypting-password-in-mysqli-connection/#findComment-87965 Share on other sites More sharing options...
PigsHidePies Posted September 7, 2006 Author Share Posted September 7, 2006 Thanks for your quick reply. One more question: If I use a web host, is it considered insecure if I keep the seperate file under the web root or do you perhaps know a better way when using a webhost? thanks again Link to comment https://forums.phpfreaks.com/topic/20048-encrypting-password-in-mysqli-connection/#findComment-87975 Share on other sites More sharing options...
obsidian Posted September 7, 2006 Share Posted September 7, 2006 anything you do is going to require you to put your password hardcoded SOMEWHERE, so to me, the method i mentioned above is about the best you're going to get. if someone were to hack your server and have access to the containing file, most likely they'll be able to get to your database without looking at that file anyway, so by that point, it doesn't much matter ;) Link to comment https://forums.phpfreaks.com/topic/20048-encrypting-password-in-mysqli-connection/#findComment-87979 Share on other sites More sharing options...
PigsHidePies Posted September 7, 2006 Author Share Posted September 7, 2006 makes sense, thanks for your help, obsidian. Link to comment https://forums.phpfreaks.com/topic/20048-encrypting-password-in-mysqli-connection/#findComment-87982 Share on other sites More sharing options...
obsidian Posted September 7, 2006 Share Posted September 7, 2006 [quote author=PigsHidePies link=topic=107270.msg430146#msg430146 date=1157661843]makes sense, thanks for your help, obsidian.[/quote]no problem. keep checking back, because some of the other guys may have some more input on this that i haven't considered in this post. Link to comment https://forums.phpfreaks.com/topic/20048-encrypting-password-in-mysqli-connection/#findComment-87985 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.