How do I secure connect to db file info?

Hi,
I am following Kevin Yank’s book ‘PHP and MYSQL Novice to Ninja’. I am a novice.
He appears to suggest placing the database connection code in index.php which would be in the public directory on the server. Is this a good idea?
I would prefer to place this in a private directory on my server. Would it be secure to then use an ‘include’ to call this file from index.php? I was hoping to use an array item $_CONF[‘path’], concatenated to the connect.php. This would hopefully make it more difficult to find the path to connect.php
The problem is how could I define $_CONF[‘path’] in the private directory so that this path could not be seen? If it is given a value in a file in private the full path to that would have to be given in a public file.
index.php

include $_CONF['path'] . "connect.php";

connect.php

<?php
try
{
  $pdo = new PDO('mysql:host=localhost;dbname=ijdb', 'ijdbuser', 'mypassword');
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  $pdo->exec('SET NAMES "utf8"');
}
catch (PDOException $e)
{
  $output = 'Unable to connect to the database server.';
  include 'output.html.php';
  exit();
}

$output = 'Database connection established.';
include 'output.html.php';

Any help would be greatly appreciated.
Thanks,
Shane

I may be confused on what you are asking — but it doesn’t matter much where you store the DB connection file. If you right click and “View Source”, you won’t see any references to the DB connection.
When you use include() or require(), it will import the contents of the file directly into the active script.

edit

Just re-read the post.

It sounds like $_CONF[‘path’] is simply pointing to the server web root, if I am not mistaken.
So if you wanted to move the DB script to the directory just above your public_html ( or www ) folder, you can try something like this:

include $_CONF['path'] . "/../connect.php";  

assuming your server will let you do so.

But that is just a quick hack…it will break the minute you try to pull the DB script from a sub directory.

It would be better to just move the DB script to wherever you want it, and then define a new variable or constant that stores the absolute path to the script, instead of using $_CONF.

The only secure thing about it that I’ve heard is to NOT put the connection info (or login, or password) into a clear file like .txt or .inc - those can be viewed, directly.

As long as it’s in a .php file, then that is server-side processing, not something passed directly to the browser.

Yep, as long as the server is set up correctly, putting files outside of the web root is usually a lot more trouble than it is worth.

On the other hand if a PHP build ever goes wrong on a server and it starts spitting out PHP files verbatim without any processing you’ll be happy you got them away from the web root!
The way I always do it is I have an index.php in the webroot, no other .php files, and that includes the application which resides outside the webroot. Just one index.php to bootstrap is all you need really.

Agreed, but to me it seems overkill, if he is simply following a tutorial on learning sql.

But then again, if he feels up to it and really wants to get his hands dirty, this would be a good place to start :)

Hi,
Thank you for all your replies.

…it doesn’t matter much where you store the DB connection file. If you right click and “View Source”, you won’t see any references to the DB connection.
When you use include() or require(), it will import the contents of the file directly into the active script.

Yes I understand.

It sounds like $_CONF[‘path’] is simply pointing to the server web root

No, I wanted $_CONF[‘path’] to be the path to the directory above the public_html directory.

So if you wanted to move the DB script to the directory just above your public_html ( or www ) folder, you can try something like this:

Code:

include $_CONF['path'] . "/../connect.php";

That is what I was suggesting in my index.php file.

…it will break the minute you try to pull the DB script from a sub directory.

So then I won’t try this.

…define a new variable or constant that stores the absolute path to the script, instead of using $_CONF.

I didn’t want to do this because I thought if someone looked at the file they would be able to see that path. However now I know that,

As long as it’s in a .php file, then that is server-side processing, not something passed directly to the browser.

So a .php file can never be viewed. I thought anyone could look into the public_html directory and look at any file they wanted.
From time to time I see an index of files like this. But perhaps that is a site that has not been secured properly. How do I know that an index of my files in public_html can not be seen?
I use Bluehost so I can presume that the server has been set up correctly.

The way I always do it is I have an index.php in the webroot, no other .php files, and that includes the application which resides outside the webroot. Just one index.php to bootstrap is all you need really.

The way it could be done then is to have one index.php file with one ‘include’ to one other .php file which is also in public_html and that file can in turn include all the others, including connect.php with all its details. This seems to be a safe enough option. Although I know there is no such thing as a 100% secure site, hopefully this is reasonable.
Thanks for all your help,
Shane

Apache by default lists folder contents as seen in your linked image, IF

  - There is no “index” in the folder
  - The htaccess does not have Options -Indexes

Great so that means no one can see my .php file in public_html.
Thanks

Just keep in mind that the vast majority of all successful attacks on a website involve either

  1. the server being compromised, in which case it won’t matter where you store your files (but fortunately occurs a lot less often than #2 below)
  2. XSS, CSRF and SQL injections, all of which do not care where exactly the files are located.

It is indeed a good practice to keep sensitive files out of the webroot, but your primary focus should always be on writing secure code, and paying attention to your server configuration. A malevolent user does not need access to your configuration files to get into your database.

What you are soon going to find out is that there are a lot of little intricacies involved with moving things out of the public domain. Even simple things, like including CSS files and images, will require workarounds, and if you aren’t sure of what you are doing, you can introduce new security flaws that previously didn’t exist.

I certainly am not trying to discourage you from doing this, as mentioned, it is good housekeeping; just want to make sure you are aware that there is more than meets the eye here…it’s not just simply include(__DIR__ . '/../some_hidden_folder/file-to-include.php'); and calling it a day.
For example, the bootstrap file is going to require some careful planning on your part. Will you be setting your new file locations there? If so, then it defeats the purpose of moving everything out of sight in the first place. Will it be acting as a makeshift front controller, and processing URL requests? And so on…
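
The single-entry-point layout discussed in this thread, as an added example that is not from the book or from any poster: index.php is the only PHP file in the web root and loads connect.php from a sibling directory through a path anchored on `__DIR__`, so it does not break from sub-directories. The directory name `private`, the `/home/you` prefix and the constant `APP_ROOT` are assumptions.

```php
<?php
// public_html/index.php - the only PHP file in the web root (added example).
//
// Assumed layout (directory names are hypothetical):
//   /home/you/private/connect.php     <- credentials; no URL maps to it
//   /home/you/private/output.html.php <- template used by connect.php
//   /home/you/public_html/index.php   <- this file
declare(strict_types=1);

// __DIR__ is always the directory of the file it is written in, so this path
// does not depend on the current working directory and keeps resolving when
// other scripts, including ones in sub-directories, include this bootstrap.
define('APP_ROOT', dirname(__DIR__) . '/private');

$webroot = realpath(__DIR__);
$connect = realpath(APP_ROOT . '/connect.php');

// Fail closed if the file is missing or has ended up inside the web root.
// The detail goes to the server log; the visitor gets a generic message.
if ($connect === false || strpos($connect, $webroot . DIRECTORY_SEPARATOR) === 0) {
    error_log('bootstrap: connect.php missing or located under the web root');
    http_response_code(500);
    exit('Unable to load the application.');
}

// If PHP ever served this file as plain text, a visitor would learn the path
// above but still could not request connect.php, because it has no URL.
require $connect; // defines $pdo, as in the connect.php from the first post
```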