How to connect a connection string to Yii?

I host the Yii application on a shared host with some of my friends and store the database on a private MySQL server. As you know, database information can be found so easily in protected\config\main.php by another host owner (my friends and many more):

    'db'=>array(
        'connectionString' => 'mysql:host=211.113.2.45;dbname=FamilyBook',
        'emulatePrepare' => true,
        'username' => 'root',
        'password' => 'xcute445',
        'charset' => 'utf8',
    ),

Is there any solution to hide the connection information, such as the MySQL server IP, username, and password?

Can a MySQL server provide an RSA mechanism to protect database information?

For example, anyone can see the below, but cannot understand or use it:

    'db'=>array(
        'connectionString' => '57bf064b2166366a5ea61109006b8d5c',
        'emulatePrepare' => true,
        'username' => '63a9f0ea7bb98050796b649e85481845',
        'password' => 'e04ccf211208f8c97e4a36e584926e60',
        'charset' => 'utf8',
    ), // value by MD5 function, example only
+6
2 answers

No, you cannot hide the credentials from someone who has access to your source if you use your own authentication on MySql. This is because your code must pass the credentials as cleartext¹ to the server, so it must be able to "decrypt" them before connecting. Someone who has access to your source can follow the same procedure and decrypt them as well.

You can protect your system by relying on some type of PAM authentication instead of user credentials, but Yii does not support these.


¹ Footnote: Actually, this is not so. The client passes the hash to the server, but to hash it, it must have access to the original password. This means that for the purposes of this discussion, it does not matter (this may affect someone who is listening on the network).

+6

Using Yii 1.x, I did this using the method below.

  • Create a DbConnection class inside protected/components, extending from CDbConnection:

        class DbConnection extends CDbConnection
        {
            public function createPdoInstance()
            {
                // Decrypt the password used in config file
                // eg: $this->password = mydecrypt($this->password);
                return parent::createPdoInstance();
            }
        }

  • Adjust the configuration file (protected/config/main.php):

        'db' => array(
            'class' => 'DbConnection', // Use above classname
            'password' => 'encryptedpassword',
        ),

0
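One way the `mydecrypt` placeholder in the answer above could be filled in, as an added example that is not part of the original answers. It assumes PHP 7.1+ with ext-openssl; the `cfg_*` function names and the `DB_CONFIG_KEY` environment variable are hypothetical.

```php
<?php
// Added example: one possible body for the "mydecrypt" placeholder, using
// AES-256-GCM from ext-openssl. cfg_* names and DB_CONFIG_KEY are hypothetical.
const CFG_CIPHER = 'aes-256-gcm';

/** Load the 32-byte key from the environment, not from the source tree. */
function cfg_key(): string
{
    $b64 = getenv('DB_CONFIG_KEY');
    $key = $b64 === false ? false : base64_decode($b64, true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('DB_CONFIG_KEY must be 32 bytes, base64-encoded');
    }
    return $key;
}

/** Value to store in main.php: base64(nonce || tag || ciphertext). */
function cfg_encrypt(string $plain, string $key): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($plain, CFG_CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

/** Reverse of cfg_encrypt(); throws on a wrong key or an altered value. */
function cfg_decrypt(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed encrypted value');
    }
    $plain = openssl_decrypt(substr($raw, 28), CFG_CIPHER, $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Inside DbConnection::createPdoInstance() this would be called as:
//   $this->password = cfg_decrypt($this->password, cfg_key());

// Constructed demo: random key and sample password, not values from the page.
putenv('DB_CONFIG_KEY=' . base64_encode(random_bytes(32)));
$stored = cfg_encrypt('sample-password', cfg_key());
var_dump(cfg_decrypt($stored, cfg_key()) === 'sample-password');
```

As the first answer points out, anyone who can read both main.php and the key can repeat the decryption, so this only helps when the key is kept where the other users of the host cannot read it.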

Source: https://habr.com/ru/post/918543/

