News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Greg Beaver's Blog:
Protecting a MySQL user/password in a PHP script
April 03, 2006 @ 07:37:38

Greg Beaver has posted some tips he has (with a few updates along the way) about protecting your MySQL username and password in a PHP script, hiding the plain-text version from would-be attackers.

Two days ago, I gave a talk at the University of Nebraska-Lincoln's computer science department colloquium on open source. At the reception preceding the talk, one of the students asked if there was a good way to protect the user/password of his MySQL scripts. This is an issue I have never run up against because we have a unique IP on the webhost, and it doesn't matter whether someone knows the user/pass, they can only connect directly from that host (and if someone can hack into the host, I doubt the database is the only thing that will be compromised).

The dilema was caused by the shared hosting of the students' sites and the plain-text storage of their database user/pass in a Wordpress file. Greg suggested two methods, one where each user gets their own Apache space, and another where the password is stored in a read-only file that just the server has access to.

Chris Shiflett came back with a comment, however, about another, more secure mthod - using an .htaccess that only the user can work with (and can change at any time) containing and setting Apache environment variables the script could then pull.

0 comments voice your opinion now!
protecting database login password htaccess protecting database login password htaccess


blog comments powered by Disqus

Similar Posts

Gonzalo Ayuso's Blog: Database connection pooling with PHP and gearman

Ligaya Turmelle's Blog: SQL Server DNS

Zend Developer Zone: Did you hear Sun was buying MySQL?

DZone.com: Two More Non-Mainstream Databases for PHP Apps

Matthew Turland's Blog: EAV Modeling - Square Peg in a Round Hole?


Community Events





Don't see your event here?
Let us know!


voicesoftheelephpant deployment interview list api package introduction community podcast framework release series install opinion laravel language symfony bugfix library tips

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework