All geek questions in one place

Does MySQL save username / password in php.ini file?

I would like to know if it is safe to save username, password, server, etc. in the php.ini file, so when I connect to the mysql server I don’t need to always set parameters?

Also, is it possible to view or retrieve this information (stored in php.ini) in any way (e.g. phpinfo () or something like that?)

thanks

+6
source share
6 answers

As long as you make sure that the ini file is outside DOCUMENT_ROOT, and not read in the world, it is no less secure than any other method.

+6
source

You do not need to specify this information in the parameters every time. You can define the connection in a separate file ( dbconnection.php ) and include it in files that require a connection to the database.

+3
source

This is not safe, because you can read ini files using the php method: parse_ini_file

+3
source

I do not think that there is a security risk associated with saving any configuration in the php.ini file, since the ini location of the file is outside the "public" directory. User cannot access this file.

You can get the ini parameter with the php ini_get function. Additional information about this parameter can be found here: http://php.net/manual/en/function.ini-get.php

+1
source

It would be much safer if you put it in a file without an extension and then save that file using .htaccess. In addition, the .ini file can be read by any browser, so it will be super secure.

0
source

As stated above, an .ini file can be no more or less secure than storing it in the .php file itself. However, keep in mind that when using the .ini file, this parameter is global with respect to all PHP codes and websites. Using a .ini file may affect other code for which you want to use a different user.

In general, it is probably best security practice to NOT use a .ini file to store a password, simply because it is now open to anyone who stores PHP files on your server. It also does a bit of a hassle if you suddenly need to provide several sites or applications for different site logins (for individual databases). It is not better to use the same login for several databases, except for the root user, which should be used only for administrative purposes.

0
source

Source: https://habr.com/ru/post/899959/

More articles:


All Articles