Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
When it comes to programming your web application in php, what is the most efficient way to prevent your MySQL information from being disclosed or discovered by another person (third party)? The information would include domain names and log in and passwords used in the connet functions.
For an example a good procedure might be keeping your mysql connection functions in a separate php file, etc.
Any ideas?
.phpfile outside the document root (so it is not directly accessible over the web).phpfile instead of, say,.inc, so that even if it is accidentally accessible over the web, it will be executed and not displayed directlyif (defined('DB_AUTH_LOADED')) return; define('DB_AUTH_LOADED', 1);in your credentials file), in order to avoid any possible redefinition of your credentials varsThis should protect you from direct access to your credentials and from accidental leaks of the credentials by your own code. If attackers can upload PHP files to your server and manage to actually execute them, the fight is pretty much lost, but the above measures should keep you fairly safe from accidentally revealing your creds yourself.