• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

How to prevent access to PHP files that store username/password

Our PHP web app saves the database username and password in a file. How do i prevent the access of this file by FTP users. So that if my programmer resigns, I dont always have to keep changing username/password.
0
melwong
Asked:
melwong
1 Solution
 
Kim WalkerWeb Programmer/TechnicianCommented:
That depends on what kind of file holds this information. If it's stored in a .php file, the server will always deliver the results of the code inside the file, never the contents. However, I always store such files in a folder outside the public shared directory and include them in my php file using the include statement and a direct path to the file as it is on the server.
0
 
Ray PaseurCommented:
I use something like this
require_once('../root/db_link.php');

Open in new window

I have the "root" directory on the server at the same level as public_html.  It can't be browsed, only included.  And I also agree with xmediaman: you have very little risk of exposure if your information is inside a .php file.
0
 
melwongAuthor Commented:
My current file is in /home/website/public_html/app/app_info.conf. How do i put this file outside public shared dir? Cos my domain website.com points to the dir website
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
melwongAuthor Commented:
My risk is exposing passwords to my programmers
0
 
larsrohrCommented:
In addition, we make such files owned and readable only by the apache web user.  So among local users, only apache and root can directly access the file.
0
 
melwongAuthor Commented:
larsrohr, how do we do that? what is the chmod?
0
 
larsrohrCommented:
chown apache filename
chmod 400 filename
0
 
melwongAuthor Commented:
thx
0
 
Web_SightCommented:
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now