11

I'm a total beginner in web programming. I'm trying to create a simple website that is reading data from a SQL database. At first I just wrote my database password and login directly into the PHP code:

<?php
$username = "login";
$password = "pw";
mysql_connect("server", $username, $password);
...
?>

This obviously isn't a very good idea! So what is a (much) more "secure" way to do this? I read about putting the PHP code into a separate file, meaning not into the main PHP document of the website, and then restricting the access to that file. Maybe by a .htaccess file. Is this the way to go?

gaussd
  • Why shouldn't this be a good idea? If you don't echo the credentials no one can see them if he doesn't gain access to your webserver. – Tim May 11 '11 at 10:03
  • 3
    Good question, but has been asked already! There is no *much* more secure way. Here is one duplicate: [How to secure database passwords in PHP?](http://stackoverflow.com/q/97984) – Pekka May 11 '11 at 10:03
  • What’s wrong with this approach in your opinion? – Gumbo May 11 '11 at 10:03
  • It's not exactly unsafe. An attacker would need to have access to your server to get this password. And I think you'd probably have bigger problems if that's the case. – Yoshi May 11 '11 at 10:04

2 Answers

10

The config.php file and the .htaccess is a classic/good way to go. It's the way it is usually done with CMS or frameworks.

As pointed out by JohnP, you can also store the config.php outside of the public directory, which means that it can't be accessed via HTTP. This is only a little better for security (if you don't make a mistake with your .htaccess, there are no more risks).

File structure example :

  • config/ -> configuration files
  • lib/ -> libraries and utils PHP files
  • public/ -> all your public pages/files/images...

That way, http://www.your-site.com/ points to public/, so there's no way to access the config. But this solution implies that you can change the root web directory (or that it is already like that).

Finally, you have to remember to set this file readable and writeable by the Apache user only, not everyone (Unix file access rights), so that if someone gains access to your server through another user, he can't read the file.

Matthieu Napoli
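As an added example (not part of the original answer), a shell check for the two points made above: the config file sits outside the document root, and only its owner, the web server account, has any permission bits on it. The function names, the paths and the `www-data` account in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit where a credentials file lives and who can read it.
# Usage (paths and account are assumptions, adjust to your host):
#   check_config /srv/app/config/config.php /srv/app/public "$(id -u www-data)"

# Resolve the directory part of a path to an absolute, symlink-free form.
abs_path() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$1")"
}

# check_config CONFIG_FILE DOCROOT EXPECTED_UID
# Prints one finding per line; returns 0 if all checks pass, 1 if any
# check fails, 2 if the inputs cannot be resolved.
check_config() {
    cfg=$(abs_path "$1") || { echo "FAIL: cannot resolve $1"; return 2; }
    root=$(cd "$2" 2>/dev/null && pwd -P) || { echo "FAIL: no docroot $2"; return 2; }
    [ -f "$cfg" ] || { echo "FAIL: $cfg is not a regular file"; return 2; }
    rc=0

    # 1. The file must not sit under the directory the web server publishes.
    case "$cfg" in
        "$root"/*) echo "FAIL: $cfg is inside the document root"; rc=1 ;;
        *)         echo "ok: config is outside the document root" ;;
    esac

    # 2. No permission bits for group or other: the mode string from ls
    #    must end in six dashes (e.g. -rw-------). A symlink fails here.
    mode=$(ls -ld "$cfg" | cut -c1-10)
    case "$mode" in
        ????------) echo "ok: mode $mode" ;;
        *)          echo "FAIL: mode $mode grants group/other access"; rc=1 ;;
    esac

    # 3. The owner must be the account the web server runs as (numeric UID).
    owner=$(ls -ldn "$cfg" | awk '{print $3}')
    if [ "$owner" = "$3" ]; then
        echo "ok: owned by uid $owner"
    else
        echo "FAIL: owned by uid $owner, expected $3"; rc=1
    fi
    return $rc
}
```

A file that fails the second or third check can be brought in line with `chown` to the web server account followed by `chmod 600`.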
1

You normally put this in a configuration file and you access the configuration values via PHP.

Usually a project is organized such that your application code and your configuration code are outside your webroot and only your public resources (index.php, images, scripts or other resources) are available via direct access.

JohnP
  • If you have access to the source code you probably have access to the configuration file; it may be good practice in terms of configuration management -- but it's no more secure! – James Anderson May 11 '11 at 10:15
  • 1
    @JamesAnderson most definitely. I wasn't implying it was any more secure than what he was doing now. This was more of a guideline as to how to structure things – JohnP May 11 '11 at 10:26
  • You're all suggesting to store credentials outside wwwroot. Ok, I understand the security background. But how should it be stored in version control then (sample config)? Usually wwwroot is the root of git repo, so if there is anything outside - it will be outside of VC. Imagine new developer trying to set up a local instance for development - how should he know magic like "take this file, copy it outside and fill in"? – The Godfather Aug 10 '18 at 18:46
  • The safest way to deal with this is to have a mykeys.php.sample file that lists all of the keys that the app uses with all of the values empty. The values can then either be manually filled in by the user on the deployment machine. The other option is to use a script and populate the values as environment variables. You can then keep the script out of your version control as well. – JohnP Aug 10 '18 at 20:34