Solved

How to prevent access to PHP files that store username/password

Posted on 2012-03-26
9
335 Views
Last Modified: 2012-08-31
Our PHP web app saves the database username and password in a file. How do i prevent the access of this file by FTP users. So that if my programmer resigns, I dont always have to keep changing username/password.
0
Comment
Question by:melwong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 22

Expert Comment

by:Kim Walker
ID: 37766250
That depends on what kind of file holds this information. If it's stored in a .php file, the server will always deliver the results of the code inside the file, never the contents. However, I always store such files in a folder outside the public shared directory and include them in my php file using the include statement and a direct path to the file as it is on the server.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 37766287
I use something like this
require_once('../root/db_link.php');

Open in new window

I have the "root" directory on the server at the same level as public_html.  It can't be browsed, only included.  And I also agree with xmediaman: you have very little risk of exposure if your information is inside a .php file.
0
 

Author Comment

by:melwong
ID: 37766309
My current file is in /home/website/public_html/app/app_info.conf. How do i put this file outside public shared dir? Cos my domain website.com points to the dir website
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:melwong
ID: 37766321
My risk is exposing passwords to my programmers
0
 
LVL 12

Expert Comment

by:larsrohr
ID: 37766326
In addition, we make such files owned and readable only by the apache web user.  So among local users, only apache and root can directly access the file.
0
 

Author Comment

by:melwong
ID: 37766360
larsrohr, how do we do that? what is the chmod?
0
 
LVL 12

Accepted Solution

by:
larsrohr earned 50 total points
ID: 37766370
chown apache filename
chmod 400 filename
0
 

Author Closing Comment

by:melwong
ID: 37766464
thx
0
 

Expert Comment

by:Web_Sight
ID: 38353740
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Color can increase conversions, create feelings of warmth or even incite people to get behind a cause. If you want your website to really impact site visitors, then it is vital to consider the impact color has on them.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question