Solved

PHP and MySQL

Posted on 2002-03-17
4
269 Views
Last Modified: 2006-11-17
OK, I have a small question: when connecting to a MySQL database, I use the mysql_connect( server, username, password).  It seems like this is a pretty big security hole to me, since I'm typing in my password in clear text.  Wouldn't it be possible for someone to view my php file and find the password, then log into my database???  If so, isn't there a safer and a more secure way to connect to a MySQL Database?
0
Comment
Question by:junkyboy
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Marsman_
ID: 6873757
Your right, it isn't very safe, but there really is no other way. You just have to make sure nobody else can read your php-files. Of course a root-user can see your password, but in most cases he has access to your database anyway.
0
 
LVL 5

Accepted Solution

by:
dkjariwala earned 100 total points
ID: 6873826
You got to supply your password this way only.

What I do is I keep two files one is config file where I store mysql details along with other info.

<?
//config.php

$mysql_user ='someuser';
$mysql_pass ='somepass';

//so on..
?>

<?
//program.php

require 'config.php';
global $mysql_user,$mysql_pass;

$conn = mysql_connect('localhost',$mysql_user,$mysql_pass);

?>

Now I keep config.php readable only by the user who is going to run my script.

One of the other option is store password in encrypted form and decrypt it before supplying,

JD
0
 

Author Comment

by:junkyboy
ID: 6875302
OK, thanks :)
0
 
LVL 2

Expert Comment

by:Marsman_
ID: 6876310
Encryption doesn't work... everyone could decrypt it using the function which also is readable in the code. If the file isn't readable than encryption isn't useful because you can't read the file anyway.
To seperate the variables which contain the passwords is a good idea but not because of security reasons. You want every file not to be readable by every user anyway!
So if you look at security, splitting the code has no use.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now