PHP: How to hide the password to connect to the database or instructions for connecting email?

Question

PHP: How to hide the password to connect to the database or instructions for connecting email?

I have a site developed in PHP. There are 2 classes (in 2 separate php files) that contain the gaddymin gmail user id and password (in plain text) and the database password (again in plain text). Although none of these classes are displayed in the browser (e.g. index.php). These files contain only php classes, and the html code and links to these plain text passwords are only objects of these classes. Recently, I began to wonder if it is safe enough enough? I tried my best (acting as a malicious person) to try to read the contents of the two specified php files, but could not do this. I'm not very good at developing secure code, so I'm not sure what my approach should be to make sure that these passwords are never exposed.Can anyone offer some advice on developing PHP code that may contain such sensitive information.

+5

security database php passwords

Mohit 20 sept '10 at 8:53

source share

3 answers

user228395 · Answer 1 · 2010-09-20T09:05:22+0000

Place the custom items in a separate configuration file above the public web directory
Make sure you set the correct file permissions.
Test your web application to include the local (and remote) file.
Update your server

Having your passwords in a safe place is not a complete solution, you need your secure PHP application to be safe, and no one who is unauthorized should have root / administrator access to the server.

Neville Kuyt · Answer 2 · 2012-01-30T16:46:30+0000

-, OAuth GMail, - , , , .

.

, , - -. . "" .

Neil McGuigan · Answer 3 · 2013-10-25T21:13:23+0000

, - . - .
O/S
O/S ( ).

PHP: How to hide the password to connect to the database or instructions for connecting email?

More articles: