Solved

How to prevent access to PHP files that store username/password

Posted on 2012-03-26
9
336 Views
Last Modified: 2012-08-31
Our PHP web app saves the database username and password in a file. How do i prevent the access of this file by FTP users. So that if my programmer resigns, I dont always have to keep changing username/password.
0
Comment
Question by:melwong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 22

Expert Comment

by:Kim Walker
ID: 37766250
That depends on what kind of file holds this information. If it's stored in a .php file, the server will always deliver the results of the code inside the file, never the contents. However, I always store such files in a folder outside the public shared directory and include them in my php file using the include statement and a direct path to the file as it is on the server.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 37766287
I use something like this
require_once('../root/db_link.php');

Open in new window

I have the "root" directory on the server at the same level as public_html.  It can't be browsed, only included.  And I also agree with xmediaman: you have very little risk of exposure if your information is inside a .php file.
0
 

Author Comment

by:melwong
ID: 37766309
My current file is in /home/website/public_html/app/app_info.conf. How do i put this file outside public shared dir? Cos my domain website.com points to the dir website
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:melwong
ID: 37766321
My risk is exposing passwords to my programmers
0
 
LVL 12

Expert Comment

by:larsrohr
ID: 37766326
In addition, we make such files owned and readable only by the apache web user.  So among local users, only apache and root can directly access the file.
0
 

Author Comment

by:melwong
ID: 37766360
larsrohr, how do we do that? what is the chmod?
0
 
LVL 12

Accepted Solution

by:
larsrohr earned 50 total points
ID: 37766370
chown apache filename
chmod 400 filename
0
 

Author Closing Comment

by:melwong
ID: 37766464
thx
0
 

Expert Comment

by:Web_Sight
ID: 38353740
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question