Solved

Securing/best practices for config.php file

Posted on 2007-11-16
5
453 Views
Last Modified: 2013-12-13
I am wondering if anyone has some good practices that are secure for using a config.php file to connect to a SQL database.

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

Any thoughts?

Thanks,

RYan
0
Comment
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:Zibings
ID: 20299702
Could you explain what you mean by 'secure practices' for using a configuration file?  One general comment I can make though would be that you should consider not using the default error messages provided by the MySQL library as it can reveal your database username unintentionally.
0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20299740
Ohh..I didnt know that. I am unsure of ways to make it secure, what do you suggest?
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 500 total points
ID: 20301879
What are you referring to when you say more "secure"?

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

this code will work everytime, but once you have a lot of visitors, as Zibings said, will reveal information which you probably don't want your visitors to know about your database.

So something like this would be robust and you can have your custom error.php page:


<?php

	$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" );

	

	if(!$l)

	{

		// Where error.php is your generic error page maybe stating that something was wrong with the script.

		header("Location: error.php");

		exit();

	}

		

	$db = mysql_select_db( "xxxx" );

	

	if(!$l)

	{

		// Where error.php is your generic error page maybe stating that something was wrong with the script.

		header("Location: error.php");

		exit();

	}

?>

Open in new window

0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20301942
Nice, thank you for that! Let me work in that code.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301949
remember to have the error.php in the same directory, otherwise the file will return a 404 :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm trying, I really am. But I've seen so many wrong approaches involving date(time) boundaries I despair about my inability to explain it. I've seen quite a few recently that define a non-leap year as 364 days, or 366 days and the list goes on. …
If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now