Solved

Securing/best practices for config.php file

Posted on 2007-11-16
5
450 Views
Last Modified: 2013-12-13
I am wondering if anyone has some good practices that are secure for using a config.php file to connect to a SQL database.

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

Any thoughts?

Thanks,

RYan
0
Comment
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:Zibings
ID: 20299702
Could you explain what you mean by 'secure practices' for using a configuration file?  One general comment I can make though would be that you should consider not using the default error messages provided by the MySQL library as it can reveal your database username unintentionally.
0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20299740
Ohh..I didnt know that. I am unsure of ways to make it secure, what do you suggest?
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 500 total points
ID: 20301879
What are you referring to when you say more "secure"?

$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "xxxx" ) or die("Error getting db: <br><br>".mysql_error());

this code will work everytime, but once you have a lot of visitors, as Zibings said, will reveal information which you probably don't want your visitors to know about your database.

So something like this would be robust and you can have your custom error.php page:


<?php

	$l = mysql_connect ( "p50mysql31.secureserver.net" , "xxxx" , "xxxx" );

	

	if(!$l)

	{

		// Where error.php is your generic error page maybe stating that something was wrong with the script.

		header("Location: error.php");

		exit();

	}

		

	$db = mysql_select_db( "xxxx" );

	

	if(!$l)

	{

		// Where error.php is your generic error page maybe stating that something was wrong with the script.

		header("Location: error.php");

		exit();

	}

?>

Open in new window

0
 
LVL 1

Author Comment

by:catonthecouchproductions
ID: 20301942
Nice, thank you for that! Let me work in that code.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20301949
remember to have the error.php in the same directory, otherwise the file will return a 404 :)
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now