Solved

PHP and MySQL

Posted on 2002-03-17
4
272 Views
Last Modified: 2006-11-17
OK, I have a small question: when connecting to a MySQL database, I use the mysql_connect( server, username, password).  It seems like this is a pretty big security hole to me, since I'm typing in my password in clear text.  Wouldn't it be possible for someone to view my php file and find the password, then log into my database???  If so, isn't there a safer and a more secure way to connect to a MySQL Database?
0
Comment
Question by:junkyboy
  • 2
4 Comments
 
LVL 2

Expert Comment

by:Marsman_
ID: 6873757
Your right, it isn't very safe, but there really is no other way. You just have to make sure nobody else can read your php-files. Of course a root-user can see your password, but in most cases he has access to your database anyway.
0
 
LVL 5

Accepted Solution

by:
dkjariwala earned 100 total points
ID: 6873826
You got to supply your password this way only.

What I do is I keep two files one is config file where I store mysql details along with other info.

<?
//config.php

$mysql_user ='someuser';
$mysql_pass ='somepass';

//so on..
?>

<?
//program.php

require 'config.php';
global $mysql_user,$mysql_pass;

$conn = mysql_connect('localhost',$mysql_user,$mysql_pass);

?>

Now I keep config.php readable only by the user who is going to run my script.

One of the other option is store password in encrypted form and decrypt it before supplying,

JD
0
 

Author Comment

by:junkyboy
ID: 6875302
OK, thanks :)
0
 
LVL 2

Expert Comment

by:Marsman_
ID: 6876310
Encryption doesn't work... everyone could decrypt it using the function which also is readable in the code. If the file isn't readable than encryption isn't useful because you can't read the file anyway.
To seperate the variables which contain the passwords is a good idea but not because of security reasons. You want every file not to be readable by every user anyway!
So if you look at security, splitting the code has no use.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
This article discusses four methods for overlaying images in a container on a web page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question