
Encrypting password in mysqli connection


5 replies to this topic

#1 PigsHidePies

PigsHidePies
  • Members
  • PipPip
  • Member
  • 27 posts

Posted 07 September 2006 - 08:07 PM

I was wondering if there was a way to either hide or encrypt the password in a connection request to a mysql database. I am using:
@ $db=new mysqli('localhost', 'username', 'password', 'database');

This doesn't seem like a good idea to me to have a plaintext password hardcoded into the script. Any alternatives are appreciated. thanks

#2 obsidian

obsidian
  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • Location: Seattle, WA

Posted 07 September 2006 - 08:15 PM

one way i like to do it is have my variables set in another file. for instance, i'll have something like this:
<?php
// inc.config.php
$dbConn = array(
  'user' => 'username',
  'pass' => 'password',
  'name' => 'database',
  'host' => 'localhost'
);
?>

then, just require your config file and use the variables in your connection string:
<?php
require('inc.config.php');
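// mysqli replaces the mysql_* functions, which were removed in PHP 7
mysqli_report(MYSQLI_REPORT_OFF); // PHP 8.1+ throws on connect errors by default; keep the check below in charge
$conn = new mysqli($dbConn['host'], $dbConn['user'], $dbConn['pass'], $dbConn['name']);
if ($conn->connect_error) {
  die("Couldn't connect to database!");
}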
?>

this way, if you're concerned about security, you could even have this file below your web root to restrict web access and include from there.

hope this helps.
You can't win, you can't lose, you can't break even... you can't even get out of the game.

<?php
while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
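The suggestion in the reply above, keeping inc.config.php out of the web-served directory, can be enforced when the file is loaded. This is an added example, not code from the thread: `loadDbConfig`, the demo paths and the permission check are assumptions, and it assumes a Unix-like host.

```php
<?php
// Added example, not code from the thread. Paths and the function name are hypothetical.

/**
 * Load $dbConn from a config file, refusing a file the web server could serve
 * or that other accounts on a shared host could read.
 */
function loadDbConfig(string $configPath, string $docRoot): array
{
    $file = realpath($configPath);   // resolves symlinks and ../ segments
    $root = realpath($docRoot);
    if ($file === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // A file under the document root can be requested by URL; if PHP is ever
    // misconfigured, the server returns its source, password included.
    if (strpos($file, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file is inside the document root');
    }
    // "Other" permission bits let any account on the same machine read it.
    if ((fileperms($file) & 0007) !== 0) {
        throw new RuntimeException('config file is accessible to other users');
    }
    require $file;                   // defines $dbConn in this function's scope only
    if (!isset($dbConn) || !is_array($dbConn)) {
        throw new RuntimeException('config file did not define $dbConn');
    }
    return $dbConn;
}

// Constructed demo: a throwaway tree standing in for a hosting account.
$home = sys_get_temp_dir() . '/dbcfg_demo_' . getmypid();
mkdir("$home/public_html", 0755, true);
mkdir("$home/private", 0700, true);
$body = "<?php \$dbConn = array('user' => 'username', 'pass' => 'password',"
      . " 'name' => 'database', 'host' => 'localhost');\n";
file_put_contents("$home/public_html/inc.config.php", $body);
file_put_contents("$home/private/inc.config.php", $body);
chmod("$home/private/inc.config.php", 0600);

foreach (array('public_html', 'private') as $dir) {
    try {
        $cfg = loadDbConfig("$home/$dir/inc.config.php", "$home/public_html");
        echo "$dir: loaded credentials for user '{$cfg['user']}'\n";
    } catch (RuntimeException $e) {
        echo "$dir: refused, {$e->getMessage()}\n";
    }
}
```

The returned array is passed to `new mysqli(...)` in the same way as `$dbConn` in the post above; because the file is required inside the function, the credentials never enter the global scope.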

#3 PigsHidePies


Posted 07 September 2006 - 08:37 PM

Thanks for your quick reply. One more question: If I use a web host, is it considered insecure if I keep the separate file under the web root or do you perhaps know a better way when using a webhost? thanks again

#4 obsidian


Posted 07 September 2006 - 08:41 PM

anything you do is going to require you to put your password hardcoded SOMEWHERE, so to me, the method i mentioned above is about the best you're going to get. if someone were to hack your server and have access to the containing file, most likely they'll be able to get to your database without looking at that file anyway, so by that point, it doesn't much matter ;)

#5 PigsHidePies


Posted 07 September 2006 - 08:44 PM

makes sense, thanks for your help, obsidian.

#6 obsidian


Posted 07 September 2006 - 08:47 PM

makes sense, thanks for your help, obsidian.


no problem. keep checking back, because some of the other guys may have some more input on this that i haven't considered in this post.



