Is it safe to write mysql_connect ("localhost", "root", "mypasswd") to a file?

Or is something like this, in the folder www/html/inc/, file connect_db.php:

mysql_connect ("localhost", "root", "hashed_mypasswd");

safer?

Or just write mysql_connect ("localhost", "root", "mypasswd"); and make the folder (www/html/inc/) accessible only from localhost using the .htaccess file?

Please help me with good practice.

+2
2 answers

As long as the file is parsed by PHP, you have nothing to worry about, and one is no more secure than the other. However, there is practicality: if you write mysql_connect in more than one place and you decide to move your database to another host, or you decide to change the password, or if you find it is absolutely insecure to connect using the root account (change this ;)), it is easier to have the connect statement in one place.

In addition, if PHP does not parse your file, you are better off having these critical files outside the website, even inaccessible to Apache. This is the safest way.

+3
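
One way to apply the advice in the answer above: keep the credentials in a file outside the web root and open the connection in a single function. This is an added example, not code from the thread; the paths, the app_user account and the helper names load_db_config and db_connect are assumptions, it expects POSIX file permissions, and it uses PDO because mysql_connect was removed in PHP 7.

```php
<?php
// Added example: paths, file names and the account name are constructed.

/** Load DB settings from a PHP file that must live outside the web root. */
function load_db_config(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // Refuse a config file Apache could serve if PHP parsing ever breaks.
    if (strpos($real . '/', rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('config file is inside the web root');
    }
    // Refuse a file other local accounts can read (the "other" read bit).
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('config file is world-readable');
    }
    return require $real;   // the config file returns an array
}

/** The single place in the application that opens the connection. */
function db_connect(array $cfg): PDO
{
    $dsn = "mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4";
    return new PDO($dsn, $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Demo with constructed temp directories; no database server is contacted.
$base = sys_get_temp_dir() . '/dbcfg_demo_' . getmypid();
@mkdir("$base/www/html/inc", 0755, true);
@mkdir("$base/private", 0750, true);
$body = "<?php return ['host'=>'localhost','name'=>'app','user'=>'app_user','pass'=>'example-only'];";
file_put_contents("$base/www/html/inc/connect_db.php", $body);
file_put_contents("$base/private/db.php", $body);
chmod("$base/private/db.php", 0640);   // owner rw, group r, others none

foreach (["$base/www/html/inc/connect_db.php", "$base/private/db.php"] as $path) {
    try {
        $cfg = load_db_config($path, "$base/www/html");
        echo "$path: accepted, user={$cfg['user']}\n";
    } catch (RuntimeException $e) {
        echo "$path: rejected ({$e->getMessage()})\n";
    }
}
```

In an application, every page would call db_connect(load_db_config(...)) instead of repeating the credentials, so a host, account or password change touches one file.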

If you need to save the password to disk, you must encrypt it. This should prevent third parties from accidentally recovering the password. However, the password is most likely sent in clear text (not sure about MySQL).

0

Source: https://habr.com/ru/post/889945/

