Home/ Questions/Q 8034035
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T01:53:15+00:00

If I’m storing a set of login credentials at my server root, is there

  • 0

If I’m storing a set of login credentials at my server root, is there any security risk in not hashing it if I’m just storing it in a PHP file?

$user = 'user';
$password = 'password';

I am storing login credentials to a page with locked content on my website that a user has to click a link to receive, incase you were wondering. When the user logs in, I can authorize the login like this, right?

include('../logininfo.php');
if ($_POST['user'] == $user) {
//...etc

Is there something wrong with this method?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, you should avoid doing this. There is a possibility (I speak from experience) where your webhost might screw up and begin serving PHP files as plain text rather than executing them.

    You should place the credentials file outside of your web root. You can still include it, but it will not be served up over a browser.

    In the case that you are on a shared webhost that does not allow you access outside of your web root, place the credentials file in a directory of its own and block off access to the directory using a .htaccess file. See here for steps to do that: Deny direct access to PHP file

    The fact that you should be using a MySQL database to store usernames and hashed passwords is beyond the scope of this answer. I will assume you have a good reason for doing what you are doing.

    • 0