eric1235711 Posted January 18, 2007

Hello

I don't wanna leave my database access password in the source code... How could I do it?

Well, I just don't want the other programmers to see the user/pwd info... Is there any way to do it?

Thanks

Orio Posted January 18, 2007

You could have a PHP file on another server that will contain your username and password for the database in two variables. This file can be included, and no one will know what it contains.

You just need to have another server the other programmers don't have access to, and to enable allow_url_fopen (if you are using PHP older than 5.2) or allow_url_include (if you are using PHP 5.2) in the php.ini.

Orio.

eric1235711 Posted January 18, 2007

Nice... I didn't think about it...

But I need something stronger... for example... someone could do this:

[code]
<?php
require_once('http://myremoteserver.com/mydata.php'); // this file contains the connection data

/* codes and more codes ... */

$db->connect(DB_HOST, DB_USER, DB_PWD);

// and I come here and...
echo 'host:' . DB_HOST . ' user:' . DB_USER . ' pwd:' . DB_PWD; // Weeeee, access for me

/* bla bla bla ... */
[/code]

Any ideas?

eric1235711 Posted January 18, 2007

Anyone there???

eric1235711 Posted January 18, 2007

Wow... please, tell me if I just can't protect it in such a way...

I need it because a programmer here probably will be fired and we are afraid of the damage that he can do...

Hypnos Posted January 18, 2007

Make sure you have remote connections disabled for your MySQL server. Then there is no way for him to do any damage remotely via MySQL.

Of course, that doesn't close off the other security holes you may have on your FTP, SSH server, etc., that may still allow him to connect to that database through local means.

To more directly answer your question, you could encode the PHP file with your MySQL connection details with one of those products designed to do such. Like Zend Guard.

Nhoj Posted January 18, 2007

There is no possible way for anyone to get the source code of a PHP file unless it is chmodded to anything other than 644 or they have access to your site's backend.

dgiberson Posted January 18, 2007

If the programmer is going to be canned, why not just change the username/password?

eric1235711 Posted January 19, 2007

He's now on vacation but sometimes he comes here to use the internet...

The major problem is that the computers with the development source code aren't in a secure room... And these computers are running Windows; there are many ways to crack into the files...

If we get good "physical protection", a usr/pwd change would be enough...

I find that that's the only way...
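
An added example (not code from any poster in this thread): one common way to keep the database password out of the source tree is to load it at runtime from a file outside the repository that only the web server account can read. It assumes a POSIX host; the file location and the key names `host`, `user`, `password` and `dbname` are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes a POSIX host; the file
// location and the keys host/user/password/dbname are hypothetical.

/**
 * Load database credentials from an INI file kept outside the source tree.
 * Refuses files that group or others can access, so a misconfigured
 * deployment fails loudly instead of silently exposing the password.
 */
function load_db_credentials(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException("credentials file missing or unreadable: $path");
    }
    clearstatcache(true, $path);
    $mode = fileperms($path) & 0777;          // keep only the permission bits
    if ($mode & 0077) {                       // any group/other bit set
        throw new RuntimeException(sprintf('%s has mode %04o; expected 0600 or 0400', $path, $mode));
    }
    $cfg = parse_ini_file($path, false, INI_SCANNER_RAW); // RAW: values are not interpreted
    if ($cfg === false) {
        throw new RuntimeException("cannot parse $path");
    }
    foreach (['host', 'user', 'password', 'dbname'] as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            throw new RuntimeException("missing key '$key' in $path");
        }
    }
    return $cfg;
}

// Demonstration with a constructed file (sample values, not real credentials).
$path = tempnam(sys_get_temp_dir(), 'dbcred');
file_put_contents($path, "host = localhost\nuser = app_rw\npassword = constructed-sample\ndbname = shop\n");

chmod($path, 0644);                           // world-readable: must be rejected
try {
    load_db_credentials($path);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

chmod($path, 0600);                           // owner-only: accepted
$cfg = load_db_credentials($path);
echo "loaded credentials for {$cfg['user']}@{$cfg['host']}", PHP_EOL; // the password is never printed
unlink($path);
```

As the echo snippet earlier in the thread shows, code running inside the application can still read these values, so this only limits who can read the file at rest. The password change suggested above is still needed when someone with access leaves.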
Archived
This topic is now archived and is closed to further replies.