beyuch Posted February 14, 2008 Share Posted February 14, 2008 Hello everyone... Ive been using MySQL and PHP for some time now but my code has never been right. In my code I always store the username and password.. the reason for this is because I have always required a quick and dirty solution and it did the job. Anyway... the reason I am posting this is because I want some advise on the best way to store a username/password that can be used by all scripts. Typically I see on sites and in CMSs such as Joomla, that the username/password is stored in a configuration/config file and is 'included' - in plain text. Is this the way to do it? Is there a better solution? Quote Link to comment Share on other sites More sharing options...
dbo Posted February 14, 2008 Share Posted February 14, 2008 It's a good idea to store the file outside of the public_html directory when possible. Quote Link to comment Share on other sites More sharing options...
beyuch Posted February 17, 2008 Author Share Posted February 17, 2008 so.. the only way to store the username/password is in plain text in a file outside of the public_html folder? Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted February 17, 2008 Share Posted February 17, 2008 It can be stored inside the document root, but for security reasons it's better to store it at a place which is not publicly accessible. Quote Link to comment Share on other sites More sharing options...
Acs Posted February 17, 2008 Share Posted February 17, 2008 But if it's stored inside a php file no one will be able to read it so what's the problem? Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted February 17, 2008 Share Posted February 17, 2008 The server or the mod_php module can fail and serve .php files in plain text. I've seen that happen numerous times. Quote Link to comment Share on other sites More sharing options...
Acs Posted February 17, 2008 Share Posted February 17, 2008 Really? Never happened to me Quote Link to comment Share on other sites More sharing options...
TheFilmGod Posted February 19, 2008 Share Posted February 19, 2008 Really? Never happened to me happended to facebook one time. Quote Link to comment Share on other sites More sharing options...
Acs Posted February 19, 2008 Share Posted February 19, 2008 Ok.. but even if it's served as plain text. Then the user would have to know exactly witch file the password was on so that he might see it. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted February 19, 2008 Share Posted February 19, 2008 Indeed, but he can see the source then he can see which files are included Quote Link to comment Share on other sites More sharing options...
dbo Posted February 19, 2008 Share Posted February 19, 2008 Just store it out of the document root and call it a day.... The way I'm doing this right now is by having an init.php and a config.php. All of my files include the init.php file, which simply references the config file. As long as I have the path in the init.php file right, all the other files will have access to the variables without having to implicitly include it. So, then you just move the config.php file (the one with db credentials) to a place not publicly accessible, or completely out of the public_html directory. Then change the reference in the init.php file. It's very easy and makes the code easy to move and update. Quote Link to comment Share on other sites More sharing options...
juke Posted February 20, 2008 Share Posted February 20, 2008 You can always store it and use htaccess to protect it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.