Jump to content

Archived

This topic is now archived and is closed to further replies.

PigsHidePies

Encrypting password in mysqli connection

Recommended Posts

I was wondering if there was a way to either hide or encrypt the password in a connection request to a mysql database. I am using:
@ $db=new mysqli('localhost', 'username', 'password', 'database');

This doesnt seem like a good idea to me to have a plaintext password hardcoded into the script. Any alternatives are appreciated. thanks

Share this post


Link to post
Share on other sites
one way i like to do it is have my variables set in another file. for instance, i'll have something like this:
[code]
<?php
// inc.config.php
$dbConn = array(
  'user' => 'username',
  'pass' => 'password',
  'name' => 'database',
  'host' => 'localhost'
);
?>
[/code]

then, just require your config file and use the variables in your connection string:
[code]
<?php
require('inc.config.php');
$conn = mysql_connect($dbConn['host'], $dbConn['user'], $dbConn['pass']);
if (!$conn) {
  die("Couldn't connect to database!");
}
mysql_select_db($dbConn['name'], $conn);
?>
[/code]

this way, if you're concerned about security, you could even have this file below your web root to restrict web access and include from there.

hope this helps.

Share this post


Link to post
Share on other sites
Thanks for your quick reply. One more question: If I use a web host, is it considered insecure if I keep the seperate file under the web root or do you perhaps know a better way when using a webhost? thanks again

Share this post


Link to post
Share on other sites
anything you do is going to require you to put your password hardcoded SOMEWHERE, so to me, the method i mentioned above is about the best you're going to get. if someone were to hack your server and have access to the containing file, most likely they'll be able to get to your database without looking at that file anyway, so by that point, it doesn't much matter ;)

Share this post


Link to post
Share on other sites
[quote author=PigsHidePies link=topic=107270.msg430146#msg430146 date=1157661843]
makes sense, thanks for your help, obsidian.
[/quote]

no problem. keep checking back, because some of the other guys may have some more input on this that i haven't considered in this post.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.