News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Greg Beaver's Blog:
Protecting a MySQL user/password in a PHP script
April 03, 2006 @ 07:37:38

Greg Beaver has posted some tips he has (with a few updates along the way) about protecting your MySQL username and password in a PHP script, hiding the plain-text version from would-be attackers.

Two days ago, I gave a talk at the University of Nebraska-Lincoln's computer science department colloquium on open source. At the reception preceding the talk, one of the students asked if there was a good way to protect the user/password of his MySQL scripts. This is an issue I have never run up against because we have a unique IP on the webhost, and it doesn't matter whether someone knows the user/pass, they can only connect directly from that host (and if someone can hack into the host, I doubt the database is the only thing that will be compromised).

The dilema was caused by the shared hosting of the students' sites and the plain-text storage of their database user/pass in a Wordpress file. Greg suggested two methods, one where each user gets their own Apache space, and another where the password is stored in a read-only file that just the server has access to.

Chris Shiflett came back with a comment, however, about another, more secure mthod - using an .htaccess that only the user can work with (and can change at any time) containing and setting Apache environment variables the script could then pull.

0 comments voice your opinion now!
protecting database login password htaccess protecting database login password htaccess


blog comments powered by Disqus

Similar Posts

Oren Solomianik's Blog: Zend Framework Database Admin

phpPatterns.com: Creating XUL applications with PHP

Lorenzo Alberton's Blog: DBMS and charsets, a summary and a call for help

Devshed: Database Details and PHP

Andi Gutmans' Blog: PHP and Database Connection Pooling


Community Events





Don't see your event here?
Let us know!


introduction laravel bugfix framework project wordpress library list api code application language threedevsandamaybe series release community configure interview podcast developer

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework