Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Or somthing like
in www/html/inc/ folder
connect_db.php
mysql_connect ("localhost", "root", "hashed_mypasswd");
is this more secure?
Or just write
mysql_connect ("localhost", "root", "mypasswd");
and make the folder (www/html/inc/) only accessble from localhost using .htaccess file?
Please help me with a good practice.
As long as the file will be parsed by PHP, there’s nothing to worry about, and the one isn’t more secure than the other. Nonetheless, there’s practicality involved as well: if you write your mysql_connect in more than one place and you’ve decided to move your database to another host, or you’ve decided to change the password, or if you found out it’s absolutely insecure to connect using the root account (change that ;)), it’s easier to have the connect statement in one place.
Also, if PHP isn’t parsing your file, you’re better off having those critical files outside of the webroot, not even accessible by Apache. That’s the most secure way.