How to protect database passwords in PHP?
P粉351138462
P粉351138462 2023-08-24 09:12:50
0
2
544
<p>When a PHP application establishes a database connection, it usually requires passing a login name and password. If my application uses a single, least privileged login, then PHP needs to know that login and password somewhere. What's the best way to protect that password? It seems like just writing it in PHP code is not a good idea. </p>
P粉351138462
P粉351138462

reply all(2)
P粉879517403

If you're hosted on someone else's server and don't have access to content outside of your network root, you can always put your password and/or database connection into a file and then lock that file using .htaccess:

<files mypasswdfile>
order allow,deny
deny from all
</files>
P粉448346289

Some people misread this as a question about how to store passwords in the database. That's wrong. It's about how to store the password that gives you access to the database.

The usual solution is to move the password from the source code to the configuration file. Then leave the job of managing and protecting the configuration files to the system administrator. This way, developers don't need to know anything about production passwords, and there are no password records in source control.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template