?
Solved

PHP and MySQL

Posted on 2002-03-17
4
Medium Priority
?
281 Views
Last Modified: 2006-11-17
OK, I have a small question: when connecting to a MySQL database, I use the mysql_connect( server, username, password).  It seems like this is a pretty big security hole to me, since I'm typing in my password in clear text.  Wouldn't it be possible for someone to view my php file and find the password, then log into my database???  If so, isn't there a safer and a more secure way to connect to a MySQL Database?
0
Comment
Question by:junkyboy
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Marsman_
ID: 6873757
Your right, it isn't very safe, but there really is no other way. You just have to make sure nobody else can read your php-files. Of course a root-user can see your password, but in most cases he has access to your database anyway.
0
 
LVL 5

Accepted Solution

by:
dkjariwala earned 400 total points
ID: 6873826
You got to supply your password this way only.

What I do is I keep two files one is config file where I store mysql details along with other info.

<?
//config.php

$mysql_user ='someuser';
$mysql_pass ='somepass';

//so on..
?>

<?
//program.php

require 'config.php';
global $mysql_user,$mysql_pass;

$conn = mysql_connect('localhost',$mysql_user,$mysql_pass);

?>

Now I keep config.php readable only by the user who is going to run my script.

One of the other option is store password in encrypted form and decrypt it before supplying,

JD
0
 

Author Comment

by:junkyboy
ID: 6875302
OK, thanks :)
0
 
LVL 2

Expert Comment

by:Marsman_
ID: 6876310
Encryption doesn't work... everyone could decrypt it using the function which also is readable in the code. If the file isn't readable than encryption isn't useful because you can't read the file anyway.
To seperate the variables which contain the passwords is a good idea but not because of security reasons. You want every file not to be readable by every user anyway!
So if you look at security, splitting the code has no use.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo‚Ķ
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question