hiding database username and password

[gtridez]

Hey,

For security purposes i need to place the username and password for my mysql database somewhere where they can't be found...

 

i've tried placing them above the root directory but not all hosts allow this so i get a "open_basedir restriction in effect" message.

 

i've read in the o'reilly php cookbook that setting them as environment variables is one of the best way to go...

 

but i'm on a shared server so i dont have access to the httpd.conf file to do this...

 

does anyone know what i could do?

[10legit10quit]

well if you are storing the passwords in a publicly accessible file, if it is .php or some other server compiled language then when someone tries to read it they will just see a blank file.

 

on my host i use a shared server as well, but still there is a WWW directory and i just put all the password files outside this section for extra security.

 

if you cannot do that you could try other things like making a special subdirectory to hold the password files, and use .htaccess to protect that.

[gtridez]

i've had a problem with hackers finding my password when its in a public directory

[dare87]

I just make a file called mysql_connect.php that stores all the database info and put that outside the public_html folder. Then when you try to add, remove, or edit a pass/user you just call that file when you want to connect

 

<?php
	require_once('../mysql_connect.php');

and so on.

 

.htaccess would work too