Passing Credentials to PDO

Read this in the PHP Anthology book:

“In the database connection examples we just saw, I included my access credentials within the DSN, or in the $user and $pass variables, but I did so for illustration purposes only. This is not standard—or appropriate—practice, since this information can be misused by malicious parties to access your database.”

I’m looking for recommendations on how to securely pass user and password credentials to the PDO object. I would like to set it up securely right from the start.

Thanks!

Generally, these credentials are kept in a file which is kept well out of the doc_root (ie above it) and include the file as the credentials are needed.

I keep my entire DSN in that file and in fact instantiate a PDO object from it too, just passing a live PDO connection to those scripts that need it - but then again I only use a single dbase for each site YMMV.

Thanks for the quick reply.

Here is what I have so far… I’ve set up a directory called config that contains an INI file with DB config (and other) info. I read the config file DSN parameters when I need to create a PDO instance. I also plan to secure the directory with .htaccess or something…

Sound ok?

Fairly. Keep in mind that PHP can read files Apache cannot. For example, this is part of my framework’s directory tree.


/gazelle
  /classes
  /http
  /tests
  /projects
    /sample
      /classes
      /htdocs
  /tools

www.sample.com is pointed at /gazelle/projects/sample/htdocs
But the php file there loads /gazelle/classes/Startup.php

This is because an active PHP script can read any file on your machine that the apache user can read. Meanwhile, if the PHP parser fails, only the files in htdocs are exposed to being read accidentally.

A lot of PHP projects do beginning programmers a disservice by creating the appearance that a PHP file must be in the webroot to be parseable. This is emphatically not true and what is worse - it is potentially one of the more insecure ways to set up a site (.htaccess tricks being necessary to really get things locked down).

Why not just have a configuration directory, and have .htaccess say:
deny from all

Rather than going below document root? (And if the .htaccess is missing, die("You must have .htaccess within config directory");)

Several reasons. Here’s a few…

  • A single install of gazelle is designed to be used with multiple sites (or projects) on the server rather than have a copy in each site’s webroot. This allows for upgrade once and done which saves a lot of time if you have a lot of clients with individually small sites (smaller even than what Joomla would be typically called on to deploy).
  • The htdocs directory is used as a cache by this framework.
  • If the administrator uses httpd.conf to turn off htaccess files your code is still exposed. Not all hosts allow htaccess.
  • Parts of the framework are meant to be executed from the command line. A few of them must be sudo’ed to do everything they can do. I don’t want even the possibility that they might be accessed and executed from the web.
  • That httpd directory - not something apache needs to serve files from, ever.

I could go on. Again, it’s a MISTAKE to treat PHP as “must be in the web directory” to work. It’s convenient - and allows for easy, cheesy brain dead installing to a degree - but it doesn’t have to work that way and it’s not the most efficient way either. That said, the disservice and mistake is the misconception that the approach of putting all the php files in the root is the only way to make it work. That’s not always a bad way in and of itself - but it isn’t the only way or even the only right way.

… and for IIS? :slight_smile:

hey, I need to add that one to my list (At the moment I’ve gotten the thing pretty coupled to apache’s rewrite system, but IIS supports that and a compat lib shouldn’t be hard to write eventually).

Thanks for all the great advice.

Let me check to make sure I understand. It would be better to move my “config” directory containing my “config.ini” outside of the “public_html” directory ENTIRELY, correct? … and perhaps any cool shared classes as well…

From my control panel I can get to “/home/myweb” which contains “public_html”. I’m guessing that I want to create something like: “/home/myweb/config” or something like that. Then my php can load from that directory, but it would not be accessible to the public. Also I would not have to worry so much about the .htaccess file being there.

Question: How would I access that directory from PHP? I know how to use $_SERVER['DOCUMENT_ROOT'], which essentially takes me to my “public_html” directory. What command moves me further up the structure?

Thanks again for all the advice. You’ve been VERY helpful.

-Stan.

The search “setting include path php” turns up this advice.

Given this tree
/myweb/config
/myweb/public_html

A file in public_html would include it via

include("../config/config.php");

Other useful things

The magic constant __FILE__ is the full path of the current file that is being parsed. The directory of that current file can be found with dirname(__FILE__);

Often it is useful to choose a root directory and set a constant. Again, with your path setup you could do

define('MYWEB', dirname(dirname(__FILE__)));

from your config file, and then from then on you could reach any file from MYWEB down with

require(MYWEB . '/public_html/somefile.php');

or the like.

glob is a powerful directory iteration tool. pathinfo comes in useful as well for getting information on files.
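
The layout discussed above, with the INI file and the PDO bootstrap both kept one level above public_html, as an added example that is not part of any post in this thread. The file name db.php, the helper get_pdo(), the [database] section with its host, dbname, user and pass keys, and the MySQL driver are assumptions made for illustration.

```php
<?php
// Added example: /myweb/config/db.php, one level above public_html.
// Assumed (not from the thread): config.ini has a [database] section with
// host, dbname, user and pass keys; get_pdo() is a hypothetical helper name.
define('MYWEB', dirname(dirname(__FILE__)));   // resolves to /myweb

function get_pdo()
{
    static $pdo = null;   // reuse one live connection per request
    if ($pdo !== null) {
        return $pdo;
    }

    $iniPath = realpath(MYWEB . '/config/config.ini');
    if ($iniPath === false) {
        throw new RuntimeException('Database configuration not found.');
    }

    // Fail closed if the credentials file sits where the web server could serve it.
    $docRoot = empty($_SERVER['DOCUMENT_ROOT']) ? false : realpath($_SERVER['DOCUMENT_ROOT']);
    if ($docRoot !== false && strpos($iniPath, $docRoot . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config.ini must not be inside the web root.');
    }

    $ini = parse_ini_file($iniPath, true);   // true = keep [sections]
    $db  = ($ini !== false && isset($ini['database'])) ? $ini['database'] : array();
    foreach (array('host', 'dbname', 'user', 'pass') as $key) {
        if (!isset($db[$key])) {
            throw new RuntimeException("Missing database setting: $key");
        }
    }

    try {
        $pdo = new PDO(
            sprintf('mysql:host=%s;dbname=%s', $db['host'], $db['dbname']),
            $db['user'],
            $db['pass'],
            array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
        );
    } catch (PDOException $e) {
        // An uncaught PDOException can print a back trace containing the
        // constructor arguments, so log it and rethrow a generic error.
        error_log('DB connection failed: ' . $e->getMessage());
        throw new RuntimeException('Database connection failed.');
    }
    return $pdo;
}
```

A script in public_html would load this with require dirname(dirname(__FILE__)) . '/config/db.php'; and call get_pdo() wherever it needs the connection. INI values that contain non-alphanumeric characters, which is common for passwords, need to be wrapped in double quotes for parse_ini_file to read them intact.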

Agreed, I love the 5.3.0 and up stream wrapper.


<?php
foreach(new DirectoryIterator('glob://ext/spl/examples/*.php') as $file)
{
    printf(
      "%s: %.1FK\n",
      $file->getFilename(),
      $file->getSize() / 1024
    );
}
/*
  tree.php: 1.0K
  findregex.php: 0.6K
  findfile.php: 0.7K
  dba_dump.php: 0.9K
  nocvsdir.php: 1.1K
  phar_from_dir.php: 1.0K
  ini_groups.php: 0.9K
  directorytree.php: 0.9K
  dba_array.php: 1.1K
  class_tree.php: 1.8K
*/
?>

Thanks again for all the excellent advice.

I may have to change my setup a bit. I’m running Apache/PHP/NetBeans on a Windows machine using virtual directories… so when running a test this is how the index page address would appear in my browser: http://mywebsite/index.php

I’m going to need php to navigate outside that virtual directory…

I’m going to need to pull the config file from: http://SameLevelAsMyWebsite/config/config.php

so… I think I may need to try to change my virtual directory structure a bit… not sure about how to do that yet… time to experiment

I’m kinda stuck… I created a “public_html” directory and moved my files there. In netbeans I set the web root to “public_html” … that works fine, but the “document_root” still shows one directory level higher (The “Source Files” folder essentially) … not sure how to create a test environment using my setup (apache/netbeans/virtual directories) where I can simulate a

myweb/securedDirectory
myweb/public_html

kind of setup… Netbeans seems to want my files in the “source files” folder (not below) and wants that to be the Document_root as well…

Any help is appreciated.