Where is the safest place to post MySQL connection data for PHP

Question

Where is the safest place to post MySQL connection data for PHP

Where is the safest place to add MySQL database connection information when connecting through a PHP script?

$connection = mysql_connect($hostname, $username, $password); if (!$connection) {die('Could not connect: ' . mysql_error());} mysql_select_db($database, $connection);

I know that it is not recommended to place them directly in the script that queries the database. However, some say that you should put the connection data in a separate PHP script and include the script for the connection.

Is there a safer place to post connection information?

+4

php mysql connection

Mark Feb 27 '10 at 20:10

source share

3 answers

You can put it in a directory that is not in the webapp hierarchy to prevent the browser from accessing it.

Depending on your level of paranoia, you can write a web service that’s behind the firewall and call up credentials, but that might be redundant.

This would help if we understood your architecture whether the php script just goes to the database, then the first sentence would be better if you have firewalls, for example, you will have more options.

0

James black Feb 27 '10 at 20:14

source share

If your OS has reasonable security features, it doesn't matter where if the file belongs to a group with the least possible rights.

0

Thomas ahle Feb 27 '10 at 20:19

source share

Pekka 웃 · Accepted Answer · 2010-02-27T20:14:48+0000

A common practice is to put them in a separate file and put it outside the root of the website. See this answer for more details.

Where is the safest place to post MySQL connection data for PHP

More articles: