Ideally I would prefer not to have a password for a database in its raw form in a config file.
Is there away that pdo mysql connect accepts a md5 or sha1 version??
Thanks
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Ideally I would prefer not to have a password for a database in its raw form in a config file.
Is there away that pdo mysql connect accepts a md5 or sha1 version??
Thanks
1) make the file only accessible to www-data.
2) never use a username/pw combo that has more privelage than needed (eg no grant, drop, create etc, only select insert)
3) make mysql only accept connections from 127.0.0.1
If someone has access to your box you have more problems than worrying about your applications db password.