Solved

PHP and MySQL

Posted on 2002-03-17
Last Modified: 2006-11-17
OK, I have a small question: when connecting to a MySQL database, I use mysql_connect(server, username, password). It seems like this is a pretty big security hole to me, since I'm typing in my password in clear text. Wouldn't it be possible for someone to view my PHP file and find the password, then log into my database? If so, isn't there a safer and more secure way to connect to a MySQL database?
Question by:junkyboy
LVL 2

Expert Comment

by:Marsman_
ID: 6873757
You're right, it isn't very safe, but there really is no other way. You just have to make sure nobody else can read your PHP files. Of course a root user can see your password, but in most cases he has access to your database anyway.
LVL 5

Accepted Solution

by:
dkjariwala earned 100 total points
ID: 6873826
You've got to supply your password this way only.

What I do is keep two files; one is a config file where I store the MySQL details along with other info.

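<?php
// config.php - MySQL connection details

$mysql_user = 'someuser';
$mysql_pass = 'somepass';

// so on..
?>

<?php
// program.php

// Brings $mysql_user and $mysql_pass into scope.
require 'config.php';
// No effect at file scope; only needed when this runs inside a function.
global $mysql_user, $mysql_pass;

$conn = mysql_connect('localhost', $mysql_user, $mysql_pass);

?>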

Now I keep config.php readable only by the user who is going to run my script.

Another option is to store the password in encrypted form and decrypt it before supplying it.

JD
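
The accepted answer's "readable only by the user who is going to run my script" can be checked mechanically. The following POSIX shell functions are an added example, not code from the thread; the function names and any paths are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# config_is_private FILE UID
# Succeeds only if FILE is owned by numeric UID and grants no permission
# bits at all to group or others (for example mode 0600 or 0400).
# Typical call: config_is_private /path/to/config.php "$(id -u)"
config_is_private() {
    file=$1 want_uid=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # -L follows symlinks, -n prints numeric ids, -d never lists a directory.
    listing=$(ls -ldLn -- "$file") || return 2
    # Characters 5-10 of the mode string are the group and other triplets.
    perms=$(printf '%s\n' "$listing" | cut -c5-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if [ "$perms" != "------" ]; then
        echo "exposed to group/others: $file" >&2
        return 1
    fi
    if [ "$owner" != "$want_uid" ]; then
        echo "owned by uid $owner, expected $want_uid: $file" >&2
        return 1
    fi
    return 0
}

# lock_down FILE: tighten an existing credentials file to owner read/write.
lock_down() {
    chmod 600 -- "$1"
}

# new_private_file FILE: create an empty file that is 0600 from the start,
# so the password is never on disk with wider permissions. noclobber
# (set -C) makes this fail instead of reusing a file whose old mode
# would otherwise be kept.
new_private_file() {
    ( umask 077 && set -C && : > "$1" )
}
```

Pass the numeric uid of the account the PHP script actually runs under as the second argument; on shared hosting that is often the web server's account rather than your login.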
Author Comment

by:junkyboy
ID: 6875302
OK, thanks :)
LVL 2

Expert Comment

by:Marsman_
ID: 6876310
Encryption doesn't work... everyone could decrypt it using the function which also is readable in the code. If the file isn't readable then encryption isn't useful because you can't read the file anyway.
To separate the variables which contain the passwords is a good idea but not because of security reasons. You want every file not to be readable by every user anyway!
So if you look at security, splitting the code has no use.