Jump to content

What is the best way to protect your mysql login details?


wright67uk

Recommended Posts

Obviously when connecting to php Im not going to show all of my login details;

 

mysql_connect("details","details","password") or die(mysql_error()); 

mysql_select_db("details") or die(mysql_error());

 

whats the best way to hide them?

Ive seen some people using an include file with their login details on but say for eg.

 

<?php

  include('con.php');

?>

 

Whats to stop  somone looking at www.myweb/con.php and obtaining my details there instead?

Link to comment
Share on other sites

Obviously when connecting to php Im not going to show all of my login details;

 

mysql_connect("details","details","password") or die(mysql_error()); 

mysql_select_db("details") or die(mysql_error());

 

whats the best way to hide them?

Ive seen some people using an include file with their login details on but say for eg.

 

<?php

  include('con.php');

?>

 

Whats to stop  somone looking at www.myweb/con.php and obtaining my details there instead?

Link to comment
Share on other sites

Have your config files in a include directory and redirect the browser away to the domain, include() will still pull the files from anywhere really

 

RewriteRule ^include/(.*) http://www.site.com

 

Or better yet put it outside the browsers reach

 

 

/home/html/site.com/ *this is the site

 

/home/includes/ *this is where you sensitive files are

Link to comment
Share on other sites

thankyou for the replies.  I have read that if my server doesnt parse the php correctly it is possible that it could display my php code including usernames and passwords.

 

I have now stored mysql login on a seperate folder on my server accessing it by

 

$INC_DIR = $_SERVER["DOCUMENT_ROOT"]. "/include/";

include($INC_DIR. "db.php");

 

Folder being include, and file being db.php

 

I am on a windows shared hosting plan, im not 100% but I think htaccess is for unix users.

I am with godaddy and they use permissions.

 

I have the folowing options;

 

Read (Directory contents are visible to users) 

Write (Applications can write to this directory)

 

Ive left both unticked but this causes big problems.

 

Warning: include(D:\Hosting\#######\html/include/db.php) [function.include]: failed to open stream: Permission denied in D:\Hosting\#######\html\######\newbusiness.php on line 4

 

Warning: include() [function.include]: Failed opening 'D:\Hosting\#######\html/include/db.php' for inclusion (include_path='.;C:\php5\pear') in D:\Hosting\#######\html\######\newbusiness.php on line 4

 

This is all very new to me, am i even going about this the right way?!?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.