Hide database access data

Discussions around the use of PHP on VMS
Post Reply
User avatar
WillemGrooters
VMS Guru
Posts: 59
Joined: Wed Jul 20, 2005 10:17 am
Location: Netherlands
Contact:
Contact WillemGrooters

Hide database access data

Post by WillemGrooters »

I think this is generic to all PHP packages that use a database (MySQL, typically) but I know it holds for PHPBB2 and Wordpress: Database access information is stored - in plain text - in a PHP file: config.php for PHPBB2, wp-config.php for Wordpress. It contains database access information: username, password, host and prefix.
Since this file needs to be readable by the webserver, anyone that gains access to the directory will have read access to this file, and malicious users may find a way into your database (if not worse) using this data.

:!: On VMS, it's easy to secure it and have all working nicely - look at http://www.grootersnet.nl/sysblog/?p=184. All my blogs and forums are secured this way.
Top
Post Reply

Return to “PHP”