
How to protect the password?


Postby LLapsus » Wed Feb 08, 2012 6:49 am

Hello,

I am finishing a website which uses MySQL, and I would like to put it on the web.
However, in order to connect to the database I have to save the host, user and password in a file.
If this file is in my public_html anyone can download it and see the password.

Is it enough to save this file with password out of the public_html and set the permission just for the user?
Or do I need something more?

Thank you!
LLapsus
New php-forum User
Posts: 3
Joined: Mon Feb 06, 2012 12:39 am

Re: How to protect the password?

Postby L33R » Wed Feb 15, 2012 4:11 pm

This might be what you're looking for:

http://viralpatel.net/blogs/2010/12/pas ... ccess.html
L33R
New php-forum User
Posts: 133
Joined: Fri Dec 30, 2011 4:27 am
Location: Liverpool

Re: How to protect the password?

Postby Nicknnick » Tue Apr 30, 2013 4:16 pm

Maybe you need to use password = SHA('$password')
or you can use a regular expression.
I am new to PHP coding so I know only this much; maybe this will help you.

Thank You!
Nicknnick
New php-forum User
Posts: 8
Joined: Tue Apr 30, 2013 3:31 pm

Re: How to protect the password?

Postby LordMatt » Tue Apr 30, 2013 4:32 pm

Ideally you want your connection information to be stored below the web root. Obviously if someone were to find a vulnerability in your code and trick it into exposing the variables it would still be found out.

The best practice is to create more than one MySQL user. The user that your script logs in as should have the least possible rights. It should also have a password which is unlike any other. The user should be accessible only by the "host" that the website is running on. Often this is localhost.

Then even if I make your script somehow tell me the MySQL username and password, it is of little use to me as I am on a different host.
LordMatt
New php-forum User
Posts: 7
Joined: Tue Apr 30, 2013 4:16 pm
Location: UK
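
An added example, not code from any poster in this thread, of the setup described above: the credentials live in an INI file outside the web root, the loader refuses the file if it is inside the document root or readable by group/other, and the account is a host-bound, least-privilege one. The path /home/example/private/db.ini, the INI key names, the database appdb and the account 'webapp'@'localhost' are all assumptions for illustration.

```php
<?php
// Assumed one-time setup, run as a MySQL admin (names are placeholders):
//   CREATE USER 'webapp'@'localhost' IDENTIFIED BY '<unique password>';
//   GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'localhost';
// Assumed file /home/example/private/db.ini (chmod 600), with keys:
//   host, dbname, user, password

function load_db_config(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException('Config file not found');
    }
    // Refuse a config file that sits inside the served directory tree.
    $root = realpath($docRoot);
    if ($root !== false && strpos($real . '/', rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('Config file is inside the web root');
    }
    // Refuse any group/other permission bits; expect 0600 or 0400.
    $mode = fileperms($real) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('Config mode %04o is too open', $mode));
    }
    // RAW mode keeps special characters in the password untouched.
    $cfg = parse_ini_file($real, false, INI_SCANNER_RAW);
    foreach (['host', 'dbname', 'user', 'password'] as $key) {
        if ($cfg === false || !isset($cfg[$key])) {
            throw new RuntimeException("Config key missing: $key");
        }
    }
    return $cfg;
}

function connect_db(array $cfg): PDO
{
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['dbname']);
    return new PDO($dsn, $cfg['user'], $cfg['password'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

try {
    $cfg = load_db_config('/home/example/private/db.ini', $_SERVER['DOCUMENT_ROOT'] ?? __DIR__);
    $pdo = connect_db($cfg);
} catch (Throwable $e) {
    // Log the message server-side only; a displayed stack trace can
    // include the arguments passed to PDO, i.e. the password.
    error_log('DB setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service unavailable');
}
```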

