Securing the Connection String

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
rehandalal
Forum Newbie
Posts: 10
Joined: Mon Sep 18, 2006 3:44 am
Location: Mumbai, India

Securing the Connection String

Post by rehandalal »

Hi,

I'm relatively new to PHP and was wondering how to make sure the username and password in my connection string were kept secure and unreadable by end users...

I am connecting to MySQL database...

Thanks!

Rehan
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

Just make sure that if you put your connection functions and information into a separate file to be included by other files, that the filename's extension is recognized by php, not something like '.inc' or '.include'.
rehandalal
Forum Newbie
Posts: 10
Joined: Mon Sep 18, 2006 3:44 am
Location: Mumbai, India

Post by rehandalal »

Ok... well now I went ahead and google'ed the ways to do this... and apparently I should in addition to making the included files PHP files ensure that the files are out of the WEB TREE... Any ideas on how I can get that done...
ody
Forum Contributor
Posts: 147
Joined: Sat Mar 27, 2004 4:42 am
Location: ManchesterUK

Post by ody »

Under a GNU/linux environment you would put the config file one directory below the web root.. i.e. if the web root was /home/httpd/html you would put the conf file in /home/httpd and include it from there. The idea is if for what ever reason your http server decided to spit out the contents of the config file instead of parsing it no one could access it because it's not in the web root. Be sure to give it the correct ownership which is normally nobody.
rehandalal
Forum Newbie
Posts: 10
Joined: Mon Sep 18, 2006 3:44 am
Location: Mumbai, India

Post by rehandalal »

hm... alrite well suppose my web root was:
../web/public_html/

and i was to put the config file in:
../web/

how excatly would i include the file in another PHP file located in the root directory?

ALSO

how would i assign the correct ownership?? CHMOD?? And if so what should be the CHMOD settings?

THANKS!!!
ody
Forum Contributor
Posts: 147
Joined: Sat Mar 27, 2004 4:42 am
Location: ManchesterUK

Post by ody »

rehandalal wrote:hm... alrite well suppose my web root was:
../web/public_html/

and i was to put the config file in:
../web/

how excatly would i include the file in another PHP file located in the root directory?

Code: Select all

require_once('/web/conf.inc.php');
rehandalal wrote: how would i assign the correct ownership?? CHMOD?? And if so what should be the CHMOD settings?

Code: Select all

chown nobody.nobody /web/conf.inc.php
rehandalal
Forum Newbie
Posts: 10
Joined: Mon Sep 18, 2006 3:44 am
Location: Mumbai, India

Post by rehandalal »

thanks for the speedy reply... still a little confused though...

supposed i am including the config file in the file:
../web/public_html/index.php

wouldnt:

Code: Select all

require_once('/web/conf.inc.php');
cause it to try to include the file:
../web/public_html/web/conf.inc.php

or am i mistaken there...
Post Reply