News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Greg Beaver's Blog:
Protecting a MySQL user/password in a PHP script
April 03, 2006 @ 07:37:38

Greg Beaver has posted some tips he has (with a few updates along the way) about protecting your MySQL username and password in a PHP script, hiding the plain-text version from would-be attackers.

Two days ago, I gave a talk at the University of Nebraska-Lincoln's computer science department colloquium on open source. At the reception preceding the talk, one of the students asked if there was a good way to protect the user/password of his MySQL scripts. This is an issue I have never run up against because we have a unique IP on the webhost, and it doesn't matter whether someone knows the user/pass, they can only connect directly from that host (and if someone can hack into the host, I doubt the database is the only thing that will be compromised).

The dilema was caused by the shared hosting of the students' sites and the plain-text storage of their database user/pass in a Wordpress file. Greg suggested two methods, one where each user gets their own Apache space, and another where the password is stored in a read-only file that just the server has access to.

Chris Shiflett came back with a comment, however, about another, more secure mthod - using an .htaccess that only the user can work with (and can change at any time) containing and setting Apache environment variables the script could then pull.

0 comments voice your opinion now!
protecting database login password htaccess protecting database login password htaccess


blog comments powered by Disqus

Similar Posts

Community News: PortableWebAp.com

Michelangelo van Dam: Learning lessons at ZendUncon

NetTuts.com: Authentication With Laravel 4

Zend Developer Zone: Work with XML Data in the Zend Framework

Justin Silverton\'s Blog: protecting your PHP code


Community Events





Don't see your event here?
Let us know!


api community interview application developer introduction series podcast zendserver deployment version language release framework development list tips code laravel conference

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework