Solved

How to prevent access to PHP files that store username/password

Posted on 2012-03-26
9
333 Views
Last Modified: 2012-08-31
Our PHP web app saves the database username and password in a file. How do i prevent the access of this file by FTP users. So that if my programmer resigns, I dont always have to keep changing username/password.
0
Comment
Question by:melwong
9 Comments
 
LVL 22

Expert Comment

by:Kim Walker
ID: 37766250
That depends on what kind of file holds this information. If it's stored in a .php file, the server will always deliver the results of the code inside the file, never the contents. However, I always store such files in a folder outside the public shared directory and include them in my php file using the include statement and a direct path to the file as it is on the server.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 37766287
I use something like this
require_once('../root/db_link.php');

Open in new window

I have the "root" directory on the server at the same level as public_html.  It can't be browsed, only included.  And I also agree with xmediaman: you have very little risk of exposure if your information is inside a .php file.
0
 

Author Comment

by:melwong
ID: 37766309
My current file is in /home/website/public_html/app/app_info.conf. How do i put this file outside public shared dir? Cos my domain website.com points to the dir website
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:melwong
ID: 37766321
My risk is exposing passwords to my programmers
0
 
LVL 12

Expert Comment

by:larsrohr
ID: 37766326
In addition, we make such files owned and readable only by the apache web user.  So among local users, only apache and root can directly access the file.
0
 

Author Comment

by:melwong
ID: 37766360
larsrohr, how do we do that? what is the chmod?
0
 
LVL 12

Accepted Solution

by:
larsrohr earned 50 total points
ID: 37766370
chown apache filename
chmod 400 filename
0
 

Author Closing Comment

by:melwong
ID: 37766464
thx
0
 

Expert Comment

by:Web_Sight
ID: 38353740
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question