Solved

PHP and MySQL

Posted on 2002-03-17
4
275 Views
Last Modified: 2006-11-17
OK, I have a small question: when connecting to a MySQL database, I use the mysql_connect( server, username, password).  It seems like this is a pretty big security hole to me, since I'm typing in my password in clear text.  Wouldn't it be possible for someone to view my php file and find the password, then log into my database???  If so, isn't there a safer and a more secure way to connect to a MySQL Database?
0
Comment
Question by:junkyboy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Marsman_
ID: 6873757
Your right, it isn't very safe, but there really is no other way. You just have to make sure nobody else can read your php-files. Of course a root-user can see your password, but in most cases he has access to your database anyway.
0
 
LVL 5

Accepted Solution

by:
dkjariwala earned 100 total points
ID: 6873826
You got to supply your password this way only.

What I do is I keep two files one is config file where I store mysql details along with other info.

<?
//config.php

$mysql_user ='someuser';
$mysql_pass ='somepass';

//so on..
?>

<?
//program.php

require 'config.php';
global $mysql_user,$mysql_pass;

$conn = mysql_connect('localhost',$mysql_user,$mysql_pass);

?>

Now I keep config.php readable only by the user who is going to run my script.

One of the other option is store password in encrypted form and decrypt it before supplying,

JD
0
 

Author Comment

by:junkyboy
ID: 6875302
OK, thanks :)
0
 
LVL 2

Expert Comment

by:Marsman_
ID: 6876310
Encryption doesn't work... everyone could decrypt it using the function which also is readable in the code. If the file isn't readable than encryption isn't useful because you can't read the file anyway.
To seperate the variables which contain the passwords is a good idea but not because of security reasons. You want every file not to be readable by every user anyway!
So if you look at security, splitting the code has no use.
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question