SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Member
    Join Date
    Jul 2010
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    where do you save user,password for connect database

    where do you save username,password,database name?
    for me i create all data in file dbc.php
    and include this file for connect
    in file dbc.php
    and define username,password,host,database name

    what do you think about it?

  2. #2
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,526
    Mentioned
    83 Post(s)
    Tagged
    3 Thread(s)
    Defining them as global variables is not a good idea, because then you're leaving the gates wide open for ANY code to gain access to that information.

    Commonly you should store the username and password in a configuration file that is outside of the web accessible structure. That way any passwords are not available from your source control, and the configuration file can be appropriately secured (and configured) by the system administrators.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,042
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    I prefer an XML file above the site root.

    Code XML:
    <?xml version="1.0"?>
    <config>
    		<db>
    			<pass>pass</pass>
    			<user>user</user>
    			<host>host</host>
    			<db>db</db>
    		</db>
    </config>

  4. #4
    SitePoint Member
    Join Date
    Jul 2010
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But I'm not sure they can open my file in on server?
    or set permission?

  5. #5
    Unobtrusively zen silver trophybronze trophy
    paul_wilkins's Avatar
    Join Date
    Jan 2007
    Location
    Christchurch, New Zealand
    Posts
    14,526
    Mentioned
    83 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by lung View Post
    But I'm not sure they can open my file in on server?
    or set permission?
    This is why it's stored outside of the web structure, and/or the system administrator set the permissions for the file so that it's not publicly accessible.
    Programming Group Advisor
    Reference: JavaScript, Quirksmode Validate: HTML Validation, JSLint
    Car is to Carpet as Java is to JavaScript

  6. #6
    SitePoint Member
    Join Date
    Jul 2010
    Posts
    20
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    possible they can read my PHP file on server?
    for username we define -> $987654123TgUiaLosPXlsdsdsdsedw=root;
    for password we define -> $987654123TgUiaLosPXlsdsdsdsesdsdw=12345;
    for host we define -> $987654123TgUiaLosPXlsdsdsdsedwdsfse=localhost;
    if Yes: what should do?
    if NO: we only create configweb.php and inside define all data,for use all file and what should we set permission file?

  7. #7
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Has anyone tried defining SELinux policy (or some other technique) to define which php files can include what files?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •