Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I usually do
$password = "password";
$mysqli = new mysqli("localhost", "root", $password, "database");
Is there a way to give mysqli a hashed password instead of having to save the plaintext form stored in my script? Is there a good practice to avoid having plaintext passwords around my script? Is this safe
I get it won’t be 100% proof but it does make it slightly more cumbersome to not have the plaintext available?
Nope; that would defy the point in using password hashing in the first place. If you could log in with the hashed password, then the hashed password would essentially be your password.
You could encrypt it, but the key for decryption would also have to be stored somewhere, so you’d merely be obfuscating the password, not protecting it. Anyone who wants it can easily find it, if he has access to your script files.
Ultimately, you’ll have to place some trust in the security of your server’s own filesystem. Your best bet is just to make sure it’s stored outside the document root and is not readable by any user/group on the server who doesn’t need to read it.