Amal.A

Reputation: 39

Security inside PHP file

I have a PHP file inside my project, which I use to establish a connection with the database. Inside this file there is a string mysql_connect("server","username","password"); which contains the real username and password for the database. If I upload this file to the host, will anyone who opens this file and looks inside it be able to learn my private data?

Upvotes: 0

Views: 65

Answers (4)

Waqar Alamgir

Reputation: 9968

You can use environment variables (a bit secure). This link tells how you can set them. Use the getenv function to get their value.

Example:

mysql_connect(getenv('server') , getenv('username') , getenv('password'));

Only those who have access to the environment variables will be able to see them.

Upvotes: 1

kk497055

Reputation: 116

1- In order to have better solutions, try using MVC platforms like CodeIgniter or Yii etc.
2- For core PHP connection strings, you might want to keep them in a custom URL that is only known to you.
3- You should not allow directory listing view for anonymous web users through use of error pages.

There are other security measures available that you might want to google as well.

Upvotes: 0

Sverri M. Olsen

Reputation: 13263

If someone has access to your server, and has the right privileges, then yes, they will be able to see the file and its contents. If your server is set up properly then it should not be a problem; people who visit your website will only be able to see what PHP outputs.

Securing a server is a very big topic that cannot be answered satisfactorily here. If you want to secure a server then you should do some research.

Another thing: The mysql extension was deprecated a long time ago. You should look into updating your database code and use something more secure, such as the PDO or MySQLi extensions.

Upvotes: 1
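The answers above suggest reading credentials with getenv and moving from the mysql extension to PDO; the sketch below combines the two and is an added example, not code from any of the answers. The variable names DB_HOST, DB_NAME, DB_USER and DB_PASS and the users table are assumptions made for illustration.

```php
<?php
// Added example. DB_HOST, DB_NAME, DB_USER and DB_PASS are assumed names,
// set in the web server or PHP-FPM configuration, not in a file under the docroot.
declare(strict_types=1);

/** Read the required settings from the environment, failing closed if any is missing. */
function db_settings_from_env(): array
{
    $settings = [];
    foreach (['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASS'] as $name) {
        $value = getenv($name);
        if ($value === false || $value === '') {
            // Name the missing variable, never echo any value.
            throw new RuntimeException("Missing environment variable: $name");
        }
        $settings[$name] = $value;
    }
    return $settings;
}

/** Open a PDO connection without letting credentials reach the browser. */
function db_connect(): PDO
{
    $s = db_settings_from_env();
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $s['DB_HOST'], $s['DB_NAME']);
    try {
        return new PDO($dsn, $s['DB_USER'], $s['DB_PASS'], [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    } catch (PDOException $e) {
        // An uncaught PDOException can print a stack trace that includes the
        // constructor arguments, so log a code server-side and rethrow a generic error.
        error_log('Database connection failed, code ' . $e->getCode());
        throw new RuntimeException('Database unavailable');
    }
}

// Constructed usage: a prepared statement with a bound parameter.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    try {
        $stmt = db_connect()->prepare('SELECT id FROM users WHERE name = ?');
        $stmt->execute(['alice']);
        var_dump($stmt->fetchAll());
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . PHP_EOL);
    }
}
```

Run from the command line without the variables set, the script stops with the name of the first missing variable and never attempts a connection.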

Sebastian Breit

Reputation: 6159

So, anyone who has access to your server files will be able to look at your username/password. That will happen with any language you use. But people that will open your web application will not have that access. (if you set the proper permissions to the files/folders, of course)

Upvotes: 1
