954,561 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
5 Years Ago
0

Securing my database access password

I hate having the password for my database out in the open. Anyone who gets a look at my code has access to the password. What can I do to secure it so my PHP scripts can access it but it's harder to find?

I thought about storing it in a file, but if you've got read access to the file you've got read access to the password. Encryption is the next thing I thought of, but my script would have to do the decryption. Once you have that info, what's to keep you from using it?

How can I keep it safe and still use it?

Puckdropper
Posting Pro
500 posts since Jul 2004
Reputation Points: 23
Solved Threads: 23
 
5 Years Ago
0

I hate having the password for my database out in the open. Anyone who gets a look at my code has access to the password. What can I do to secure it so my PHP scripts can access it but it's harder to find?

I thought about storing it in a file, but if you've got read access to the file you've got read access to the password. Encryption is the next thing I thought of, but my script would have to do the decryption. Once you have that info, what's to keep you from using it?

How can I keep it safe and still use it?


If my scripts via codes are somewhat special as in exclusive to and for me only, I would MD5 my passwords(text boxes if any) and encrpt it with mad dog. But thats be.

mikeSQL
Junior Poster
196 posts since Dec 2004
Reputation Points: 16
Solved Threads: 3
 
5 Years Ago
0

They're for the whole thing. I thought about using a hash that's so long it'd be difficult for a human to copy, but that still doesn't prevent machine copying.

Puckdropper
Posting Pro
500 posts since Jul 2004
Reputation Points: 23
Solved Threads: 23
 
5 Years Ago
0

Try this. You can always use a file that is stored outside to the Web site tree on your server. The file can contain the entire command to open the database, including the database name and password. You then include that file in your Web script using the server path (not the Web site path). Files stored outsite of the Web site tree are not accessible via the Internet.

Heres an example of a call to a file above the Web site tree on a server:

require_once ('/home/mysiteaccountname/temp/DB01.php');


Here is what is in DB01.php:

mysql_select_db('myDatabse', mysql_connect('localhost','myUserName','myPassword')) or die(mysql_error() );

Files that are stored outside of the Web space cannot be read from the Internet, but they can be read from a script within the site's Web space. This means your PHP program can read it, but someone using your site should not be able to get to it. All the important info about your database is out of the reach of the bad guys.

If you want to add an additional level of security, them encrypt the password as well.

TopDogger
Junior Poster in Training
87 posts since Aug 2005
Reputation Points: 15
Solved Threads: 5
 
1 Year Ago
0

Can you please try the following or something like this?

// We do not store the username and pass in variables
$db = mysql_connect("host", "muyser", "mypass");


OR

$user = "myuser";
$pass = "mypass";
$db = mysql_connect("host", "muyser", "mypass");
unset($user, $pass);
// Do database selection here


In both the occasions, one has to put this file outside the web root.

Thanks.

webms
Newbie Poster
1 post since Nov 2010
Reputation Points: 10
Solved Threads: 0
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed