ShoeLace1291 Posted September 14, 2012

In the past, when I develop a website it usually consists of a members database and login system. Currently, I am in the process of creating my own personal website. I am going to develop an admin area for myself to easily manage the content, but I will be the only person using it. Instead of making a members table in the database, I thought I would just store the admin login information in a config file, and then validate the login information based on that. A thought came across my mind, however, that it might be unsecure to do this... can anybody think of any reason as to why doing this would be unsecure?

xyph Posted September 14, 2012

Make sure the config file is outside of the webroot. Beyond that, you should be fine. If you're going to store it in plain-text, make sure it's a password you don't use anywhere else.

spiderwell Posted September 14, 2012

Or you could use the webserver to protect a folder with a password. If you put it into a PHP file, even if the file gets executed, the PHP code won't be viewable in the client.

xyph Posted September 14, 2012

> Or you could use the webserver to protect a folder with a password. If you put it into a PHP file, even if the file gets executed, the PHP code won't be viewable in the client.

There's no reason at all to put sensitive information within the web root. Why even give the opportunity to parse it?

scootstah Posted September 14, 2012

> > Or you could use the webserver to protect a folder with a password. If you put it into a PHP file, even if the file gets executed, the PHP code won't be viewable in the client.
>
> There's no reason at all to put sensitive information within the web root. Why even give the opportunity to parse it?

Barring some serious flaws in your code, there's no way to output the contents of a PHP file by executing it on the webserver. If there was, a lot of websites would be in deep trouble.

So, while I do agree with you, there isn't an immediate cause for concern by storing a password in a PHP file. After all, that is how nearly every PHP CMS and framework stores database credentials.
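
Added example, not code from any poster in this thread: one way to combine the advice above, with the config file kept outside the webroot, written as a PHP file that returns an array and prints nothing if executed, and holding a password hash instead of plain text. The function names, paths and credentials are constructed for illustration; it assumes PHP 7 or later (`password_hash()` itself needs PHP 5.5+).

```php
<?php
// Added example: all names, paths and credentials here are constructed.

// One-time setup: write the config file. On a real server this path sits
// outside the document root, e.g. /home/site/private/admin_config.php when
// the webroot is /home/site/public_html (hypothetical paths).
function write_admin_config(string $path, string $user, string $password): void
{
    $config = [
        'admin_user' => $user,
        // Store a salted hash, never the password itself.
        'admin_hash' => password_hash($password, PASSWORD_DEFAULT),
    ];
    // The file only returns an array, so executing it produces no output.
    $php = "<?php\nreturn " . var_export($config, true) . ";\n";
    file_put_contents($path, $php, LOCK_EX);
    chmod($path, 0600); // owner-only; the owner must be the account PHP runs as
}

// Login check for the single-admin area.
function check_admin_login(string $configPath, string $user, string $password): bool
{
    $config = require $configPath; // loads the returned array
    // Run both comparisons every time so timing does not show which one failed.
    $userOk = hash_equals($config['admin_user'], $user);
    $passOk = password_verify($password, $config['admin_hash']);
    return $userOk && $passOk;
}

// Demo: a temp file stands in for the private directory.
$path = sys_get_temp_dir() . '/admin_config_demo.php';
write_admin_config($path, 'admin', 'constructed-demo-passphrase');

var_dump(check_admin_login($path, 'admin', 'constructed-demo-passphrase'));
var_dump(check_admin_login($path, 'admin', 'wrong-password'));
var_dump(check_admin_login($path, 'root', 'constructed-demo-passphrase'));

unlink($path); // clean up the demo file
```

Only the first call succeeds; with a hash in the file, a leaked config does not directly reveal the password.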