What is the best way to protect your mysql login details?

[wright67uk]

Obviously when connecting to php Im not going to show all of my login details;

 

mysql_connect("details","details","password") or die(mysql_error()); 

mysql_select_db("details") or die(mysql_error());

 

whats the best way to hide them?

Ive seen some people using an include file with their login details on but say for eg.

 

<?php

  include('con.php');

?>

 

Whats to stop  somone looking at www.myweb/con.php and obtaining my details there instead?

[wright67uk]

Obviously when connecting to php Im not going to show all of my login details;

 

mysql_connect("details","details","password") or die(mysql_error()); 

mysql_select_db("details") or die(mysql_error());

 

whats the best way to hide them?

Ive seen some people using an include file with their login details on but say for eg.

 

<?php

  include('con.php');

?>

 

Whats to stop  somone looking at www.myweb/con.php and obtaining my details there instead?

[spiderwell]

put the include file into its own folder and add an htaccess file that prevents users from calling the file via the browser, and makes them only able to be called by scripts on the server

[PFMaBiSmAd]

What makes you think someone can see your login details if they browse to your con.php file? Did you try this yourself and look at what you get?

[kickstart]

Hi

 

con.php would be executed as a php file with the results output (which would probably be no output at all). You shouldn't be able to just look in that file.

 

All the best

 

Keith

[dreamwest]

Have your config files in a include directory and redirect the browser away to the domain, include() will still pull the files from anywhere really

 

RewriteRule ^include/(.*) http://www.site.com

 

Or better yet put it outside the browsers reach

 

 

/home/html/site.com/ *this is the site

 

/home/includes/ *this is where you sensitive files are

[wright67uk]

thankyou for the replies.  I have read that if my server doesnt parse the php correctly it is possible that it could display my php code including usernames and passwords.

 

I have now stored mysql login on a seperate folder on my server accessing it by

 

$INC_DIR = $_SERVER["DOCUMENT_ROOT"]. "/include/";

include($INC_DIR. "db.php");

 

Folder being include, and file being db.php

 

I am on a windows shared hosting plan, im not 100% but I think htaccess is for unix users.

I am with godaddy and they use permissions.

 

I have the folowing options;

 

Read (Directory contents are visible to users) 

Write (Applications can write to this directory)

 

Ive left both unticked but this causes big problems.

 

Warning: include(D:\Hosting\#######\html/include/db.php) [function.include]: failed to open stream: Permission denied in D:\Hosting\#######\html\######\newbusiness.php on line 4

 

Warning: include() [function.include]: Failed opening 'D:\Hosting\#######\html/include/db.php' for inclusion (include_path='.;C:\php5\pear') in D:\Hosting\#######\html\######\newbusiness.php on line 4

 

This is all very new to me, am i even going about this the right way?!?

[Pikachu2000]

Duplicate threads merged to this one. Don't double post.