Securing the Connection String
Posted: Mon Sep 18, 2006 3:51 am
by rehandalal
Hi,
I'm relatively new to PHP and was wondering how to make sure the username and password in my connection string were kept secure and unreadable by end users...
I am connecting to MySQL database...
Thanks!
Rehan
Posted: Mon Sep 18, 2006 4:43 am
by aaronhall
Just make sure that if you put your connection functions and information into a separate file to be included by other files, that the filename's extension is recognized by PHP, not something like '.inc' or '.include'.
Posted: Mon Sep 18, 2006 4:51 am
by rehandalal
Ok... well now I went ahead and googled the ways to do this... and apparently I should, in addition to making the included files PHP files, ensure that the files are out of the WEB TREE... Any ideas on how I can get that done...
Posted: Mon Sep 18, 2006 9:59 am
by ody
Under a GNU/Linux environment you would put the config file one directory below the web root, i.e. if the web root was /home/httpd/html you would put the conf file in /home/httpd and include it from there. The idea is if for whatever reason your HTTP server decided to spit out the contents of the config file instead of parsing it, no one could access it because it's not in the web root. Be sure to give it the correct ownership, which is normally nobody.
Posted: Mon Sep 18, 2006 1:33 pm
by rehandalal
hm... alright well suppose my web root was:
../web/public_html/
and I was to put the config file in:
../web/
how exactly would I include the file in another PHP file located in the root directory?
ALSO
how would i assign the correct ownership?? CHMOD?? And if so what should be the CHMOD settings?
THANKS!!!
Posted: Mon Sep 18, 2006 1:42 pm
by ody
rehandalal wrote: hm... alright well suppose my web root was:
../web/public_html/
and I was to put the config file in:
../web/
how exactly would I include the file in another PHP file located in the root directory?
Code:
require_once('/web/conf.inc.php');
rehandalal wrote:
how would i assign the correct ownership?? CHMOD?? And if so what should be the CHMOD settings?
Code:
chown nobody.nobody /web/conf.inc.php
Posted: Mon Sep 18, 2006 1:50 pm
by rehandalal
thanks for the speedy reply... still a little confused though...
suppose I am including the config file in the file:
../web/public_html/index.php
wouldn't:
Code:
require_once('/web/conf.inc.php');
cause it to try to include the file:
../web/public_html/web/conf.inc.php
or am I mistaken there...
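Added example, not posted by anyone in the thread: PHP treats a path with a leading slash as an absolute filesystem path and does not prefix it with the including script's directory, so the script below builds the include path from index.php's own location instead. The temp-dir layout, the placeholder credentials, the 0600 mode and the helper is_inside() are assumptions made for the demo.

```php
<?php
// Constructed layout in a temp dir mirroring the thread's web/ and
// web/public_html/ directories (every name here is a sample value).
$base    = sys_get_temp_dir() . '/connstr_demo_' . getmypid();
$webRoot = $base . '/web/public_html';
mkdir($webRoot, 0755, true);

// The config sits one level outside the web root, so no URL maps to it.
$confPath = $base . '/web/conf.inc.php';
file_put_contents($confPath, "<?php\nreturn array(\n"
    . "    'host' => 'localhost',\n"
    . "    'user' => 'app_user',  // placeholder\n"
    . "    'pass' => 'CHANGE_ME', // placeholder\n"
    . ");\n");
chmod($confPath, 0600); // assumption: owned by the account PHP runs as

// index.php builds the path from its own location, so the include does not
// depend on the working directory or on include_path.
file_put_contents($webRoot . '/index.php',
    "<?php\nreturn require dirname(__DIR__) . '/conf.inc.php';\n");

// True when $file resolves (symlinks included) to a path under $root.
function is_inside($file, $root)
{
    $file = realpath($file);
    $root = realpath($root);
    if ($file === false || $root === false) {
        return false;
    }
    $root = rtrim($root, '/') . '/';
    return strncmp($file, $root, strlen($root)) === 0;
}

$config = require $webRoot . '/index.php';
echo 'loaded user: ', $config['user'], "\n";
echo 'config under web root: ', var_export(is_inside($confPath, $webRoot), true), "\n";
echo 'index under web root: ', var_export(is_inside($webRoot . '/index.php', $webRoot), true), "\n";
// Any "other" permission bit means every local account can reach the file.
echo 'config open to others: ', var_export((fileperms($confPath) & 0007) !== 0, true), "\n";

// Remove the constructed files.
unlink($webRoot . '/index.php');
unlink($confPath);
rmdir($webRoot);
rmdir($base . '/web');
rmdir($base);
```

The same is_inside() check can run at deploy time against the real document root to confirm the credentials file has not ended up somewhere a URL can reach.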