Geek Answers Handbook

How to hide my mySQL credentials in my PHP script?

I have a great php mySQL login script that works fine. Is there any other way to provide all my access information without revealing it in a script? Now I am showing all the information about access to security, which, in my opinion, is unsafe.

Is it possible to hide it?

Here is what I mean:

$host="localhost"; // Host name $username="XXXXXXXXXX"; // Mysql username $password="XXXXXXXXXX"; // Mysql password $db_name="XXXXXXXXXXX"; // Database name $tbl_name="XXXXXXXXXX"; // Table name
+4
source share
6 answers

Create database.php, move the code snippet above to database.php, then ..

 include "database.php";

At the top of every page that requires a database connection.

+7
source

First step: put all mysql api in a separate file, than include it in other scripts.

Second: deny access to the sql config \ api file due to your server setup.

btw, with whom do you show "show all security access information"?

+1
source

As long as php interprets your script before sending it to the client, you are safe. If you have access to apache conf files, you can try something like this.

http://www.brianhare.com/wordpress/2011/02/18/hiding-mysql-passwords-in-php-using-apache-environment-variables/

If you are going to include the file at the top of your script, it is important that you provide the file with an extension that will be interpreted (.php) or prevent it from being in the .htaccess file. Otherwise, you risk that the web server will serve as text on request.

0
source

There is no easy way to do this, I would suggest storing the variables in a separate file, and then just include the data. If you are unhappy that others are reading data, why not create a separate user specifically for the script? The way I do it.

0
source

If you want to give away this script and train the entire file earlier, you can always use Zend Guard

http://www.zend.com/en/products/guard/

0
source

It must be defined somewhere. I would make sure you installed suPHP to set permissions to 400 . Then include a file with your definitions like connection.php etc. This is very safe as it allows php files to be read only by the server / your account .

0
source

More articles:


All Articles