Helpful Information
 
 
Category: PHP Development
PHP mysql_connect password security

I am looking for a secure way to store the password required for PHP's mysql_connect function.

Does anyone have a solution for this?

You can store information securely from http access below the document root. In fact, I place all my include files below the document root. For example, if your site is at:

/home/youraccount/www/

you can create an include dir at

/home/youraccount/php-lib/

which will be impossible to access via http

Thanks Rod, but unfortunately i do not have write access at that level. I may have to change my host.

Well then .. secure is to disallow the access to the directory via .htaccess or better make it impossible to parse the data in the dir with it ... if u want to hide it from local users .. well then you have a problem http://www.devshed.com/Talk/Forums/smile.gif

Actually, restricting access with .htaccess won't work for include() files. If you try to include it the user will be prompted for the username/password. Not what you want.

Without being able to place the files below the doc root, the only option is to make sure the files are in a directory with an index/default page so the directory won't appear and make sure the scripts are php parsable using the proper extension so that they can't be sent in the clear via http.










privacy (GDPR)