troubleshooting Question

hide database login credentials from print_r, var_dump, reflection, etc.

Avatar of foxymoron7
foxymoron7 asked on
PHPMySQL ServerScripting Languages
6 Comments1 Solution549 ViewsLast Modified:
Hi all,

Using WordPress as an example may help clarify my question.

If someone gains access to the server where the WordPress installation is located, they can upload a simple file to find out the login credentials for the installation's database.

simple file example:
<?php
require_once 'wp-load.php';
global $wpdb;
var_dump($wpdb);
?>

By uploading that file and calling it in a web browser I can see the dbuser, dbpass, dbhost, etc. properties of $wpdb.

How can one use a class that handles all database tasks and hide these properties from outsiders, or at least make them much more difficult to find out?  I've thought of holding the values in a separate class that gets called from the main class but the var dump would clue a snooper in as to what class to next run the var_dump on, so that doesn't seem effective unless you were to put the credentials many, many classes deep in a chain.

Thanks!
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 6 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros