Solved

Securing/best practices for config.php file

Posted on 2007-11-16
5
462 Views
Last Modified: 2013-12-13
I am wondering if anyone has some good practices that are secure for using a config.php file to connect to a SQL database.

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

Any thoughts?

Thanks,

RYan
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:Zibings
ID: 20299702
Could you explain what you mean by 'secure practices' for using a configuration file?  One general comment I can make though would be that you should consider not using the default error messages provided by the MySQL library as it can reveal your database username unintentionally.
0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20299740
Ohh..I didnt know that. I am unsure of ways to make it secure, what do you suggest?
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 500 total points
ID: 20301879
What are you referring to when you say more "secure"?

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

this code will work everytime, but once you have a lot of visitors, as Zibings said, will reveal information which you probably don't want your visitors to know about your database.

So something like this would be robust and you can have your custom error.php page:


<?php
	$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
		
	$db = mysql_select_db( "xxxx" );
	
	if(!$l)
	{
		// Where error.php is your generic error page maybe stating that something was wrong with the script.
		header("Location: error.php");
		exit();
	}
?>

Open in new window

0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20301942
Nice, thank you for that! Let me work in that code.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301949
remember to have the error.php in the same directory, otherwise the file will return a 404 :)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Could you point whyat's needed to a Codeigniter app to correctly be started? 10 66
Link Stopped Working 7 33
Insert PHP into HTML page. 7 52
learning MS SSIS 13 26
PL/SQL can be a very powerful tool for working directly with database tables. Being able to loop will allow you to perform more complex operations, but can be a little tricky to write correctly. This article will provide examples of basic loops alon…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question