
Greg Beaver's Blog:
Protecting a MySQL user/password in a PHP script
April 03, 2006 @ 07:37:38

Greg Beaver has posted some tips (with a few updates along the way) on protecting your MySQL username and password in a PHP script, keeping the plain-text version away from would-be attackers.

Two days ago, I gave a talk at the University of Nebraska-Lincoln's computer science department colloquium on open source. At the reception preceding the talk, one of the students asked if there was a good way to protect the user/password of his MySQL scripts. This is an issue I have never run up against because we have a unique IP on the webhost, and it doesn't matter whether someone knows the user/pass, they can only connect directly from that host (and if someone can hack into the host, I doubt the database is the only thing that will be compromised).

The dilemma was caused by the shared hosting of the students' sites and the plain-text storage of their database user/pass in a WordPress file. Greg suggested two methods: one where each user gets their own Apache space, and another where the password is stored in a read-only file that only the server has access to.

Chris Shiflett came back with a comment, however, about another, more secure method: using an .htaccess file that only the user can work with (and can change at any time) that sets Apache environment variables the script can then read.
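
The .htaccess approach described above could look like the following. This is an added example, not code from Greg Beaver's post or Chris Shiflett's comment; the variable names (`DB_HOST`, `DB_USER`, `DB_PASS`, `DB_NAME`), the sample values and the helper `db_settings_from_env()` are assumptions made for illustration.

```php
<?php
// Assumed .htaccess next to the script (constructed values; needs mod_env
// and AllowOverride FileInfo so that SetEnv is honoured):
//
//   SetEnv DB_HOST localhost
//   SetEnv DB_USER example_user
//   SetEnv DB_PASS example-password
//   SetEnv DB_NAME example_db

/**
 * Collect the connection settings from the request environment.
 * Throws instead of falling back to defaults, so a missing or ignored
 * .htaccess never leads to a connection attempt with empty credentials.
 */
function db_settings_from_env(
    array $names = ['DB_HOST', 'DB_USER', 'DB_PASS', 'DB_NAME']
): array {
    $settings = [];
    foreach ($names as $name) {
        // SetEnv values show up in $_SERVER; getenv() is the fallback.
        $value = $_SERVER[$name] ?? getenv($name);
        if ($value === false || $value === '') {
            throw new RuntimeException("Missing environment variable: $name");
        }
        $settings[$name] = $value;
    }
    return $settings;
}

try {
    $cfg = db_settings_from_env();
    // Make mysqli throw on failure rather than emit warnings into the page.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli(
        $cfg['DB_HOST'], $cfg['DB_USER'], $cfg['DB_PASS'], $cfg['DB_NAME']
    );
} catch (Throwable $e) {
    // Log server-side only: connection errors can name the user and host.
    error_log('Database setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}
```

Values set with `SetEnv` are also visible in `phpinfo()` output and in any dump of `$_SERVER`, so neither should be reachable on a site that uses this approach.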


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework