News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Greg Beaver's Blog:
Protecting a MySQL user/password in a PHP script
April 03, 2006 @ 07:37:38

Greg Beaver has posted some tips he has (with a few updates along the way) about protecting your MySQL username and password in a PHP script, hiding the plain-text version from would-be attackers.

Two days ago, I gave a talk at the University of Nebraska-Lincoln's computer science department colloquium on open source. At the reception preceding the talk, one of the students asked if there was a good way to protect the user/password of his MySQL scripts. This is an issue I have never run up against because we have a unique IP on the webhost, and it doesn't matter whether someone knows the user/pass, they can only connect directly from that host (and if someone can hack into the host, I doubt the database is the only thing that will be compromised).

The dilema was caused by the shared hosting of the students' sites and the plain-text storage of their database user/pass in a Wordpress file. Greg suggested two methods, one where each user gets their own Apache space, and another where the password is stored in a read-only file that just the server has access to.

Chris Shiflett came back with a comment, however, about another, more secure mthod - using an .htaccess that only the user can work with (and can change at any time) containing and setting Apache environment variables the script could then pull.

0 comments voice your opinion now!
protecting database login password htaccess protecting database login password htaccess


blog comments powered by Disqus

Similar Posts

DZone.com: The Best Unknown Databases for PHP Apps

Jeff Moore's Blog: PDO versus MDB2

PHP.net: Security Notice (wiki.php.net)

DevShed: Optimizing System Performance

Jeremy Zawodny's Blog: Database Abstraction Layers Must Die!


Community Events





Don't see your event here?
Let us know!


series package library release interview application version podcast laravel framework introduction install language composer security opinion community symfony voicesoftheelephpant update

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework