gtridez Posted August 4, 2007 Share Posted August 4, 2007 Hey, For security purposes i need to place the username and password for my mysql database somewhere where they can't be found... i've tried placing them above the root directory but not all hosts allow this so i get a "open_basedir restriction in effect" message. i've read in the o'reilly php cookbook that setting them as environment variables is one of the best way to go... but i'm on a shared server so i dont have access to the httpd.conf file to do this... does anyone know what i could do? Quote Link to comment https://forums.phpfreaks.com/topic/63333-hiding-database-username-and-password/ Share on other sites More sharing options...
10legit10quit Posted August 4, 2007 Share Posted August 4, 2007 well if you are storing the passwords in a publicly accessible file, if it is .php or some other server compiled language then when someone tries to read it they will just see a blank file. on my host i use a shared server as well, but still there is a WWW directory and i just put all the password files outside this section for extra security. if you cannot do that you could try other things like making a special subdirectory to hold the password files, and use .htaccess to protect that. Quote Link to comment https://forums.phpfreaks.com/topic/63333-hiding-database-username-and-password/#findComment-315637 Share on other sites More sharing options...
gtridez Posted August 4, 2007 Author Share Posted August 4, 2007 i've had a problem with hackers finding my password when its in a public directory Quote Link to comment https://forums.phpfreaks.com/topic/63333-hiding-database-username-and-password/#findComment-315641 Share on other sites More sharing options...
dare87 Posted August 5, 2007 Share Posted August 5, 2007 I just make a file called mysql_connect.php that stores all the database info and put that outside the public_html folder. Then when you try to add, remove, or edit a pass/user you just call that file when you want to connect <?php require_once('../mysql_connect.php'); and so on. .htaccess would work too Quote Link to comment https://forums.phpfreaks.com/topic/63333-hiding-database-username-and-password/#findComment-315832 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.