Geek Answers Handbook

How to protect hard drive login / password in PHP?

I am writing a simple PHP script to access the Foursquare API. PHP will always access the same Foursquare account. At the moment, I have this login information hardcoded in my script. What is the best way to protect this information?

If I follow the tips from this thread, I should just put the information for entering the configuration file outside the root directory of the website: How to protect database passwords in PHP?

Is this the best advice? Or is there a better way to protect login information?

+7
security php passwords login password-protection
source share
3 answers

The best way, of course, would be to not store it at all.

If you cannot do this, storing it inside the PHP file (as variables) should ensure that it will not be sent to the client side. If you are really paranoid that your web server suddenly stops interpreting PHP, you can put it in a separate file, outside the document root directory or where access is denied (for example, using the .htaccess directive).

+10
source share

(There is specific linux-related data here, so please forgive them if this is not your platform ...)

If you work in apache and have access to configuration files (which may be wrong with shared hosting), you can put such a line in your VirtualHost configuration file (or httpd.conf or another included configuration file):

SetEnv FOURSQUARE_PW "your password"

Then your php scripts can access it in $_SERVER['FOURSQUARE_PW'] .

The advantage is that you can make this configuration file available only to root, since apache will be run as root using init.d.

+4
source share

storing in a .php file as a variable outside the root directory in a file name that is not frivolous is a smart, secure way to store your credentials. But if you can not store it on the server at all, that would be better. Provide a login page to enter this information upon request, which will be used for the session, and then discarded as soon as you no longer need it.

0
source share

More articles:


All Articles