jimmybob
Reputation: 11
Storing mysql pass in php script above web root, anything better?
So I'm storing my MySQL database connection login info in a .php file that's above the web root.
But if someone gains access to the whole server, they could potentially open that file up
What else can I do to protect the info?
Upvotes: 1
Views: 163
Answers (3)
alex
Reputation: 490547
Besides the obvious answers, you should ensure your site is safe from directory traversal attacks that may read your PHP file above the root.
Make sure you don't do this (or similar)
echo file_get_contents($_GET['page']);
(better example than previous)
Upvotes: 2
code_burgar
Reputation: 12323
If someone has access to your entire production webserver, I figure you would have bigger issues than hiding your MySQL database credentials.
Upvotes: 5
zerkms
Reputation: 255085
You cannot do anything against the person who got the access to the server.
Upvotes: 2
Related Questions
- Where to store MySQL credentials in PHP scripts?
- a better approach than storing mysql password in plain text in config file?
- Best method for storing mysql passwords?
- Storing Database Security Credentials in PHP Securely
- Keeping database credentials secure in a PHP application
- Where and how to store MySQL passwords available to PHP
- PHP - Storing password for external service securely?
- authentication safely
- PHP Basics - Where to store MySQL password used by PHP
- Where is the most secure place to put MySQL connection details for PHP