Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
Richard Hendrix2016-10-19 14:41:19
PHP
Richard Hendrix, 2016-10-19 14:41:19

Is it safe to store authentication data in clear text for MySQL database?

How safe is it to store MySQL database authentication data in a .php file?!
I am a very green person in this business and very paranoid. Can you please tell me how safe these methods are? Maybe there are other ways? Maybe you should not store passwords directly in such an open form? Can it be better to come up with some self-encryption mechanisms?

<?php #Вариант 1
     $host = 'localhost';
     $name_bd = 'myBase';
     $user = 'admin';
     $password = '1234567'; 
?>

<?php #Вариант 2
     define('HOST', 'localhost');
     define('NAME_BD', 'myBase');
     define('USER', 'admin');
     define('PASSWORD', '1234567');
?>

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
R
Roman Mirilaczvili, 2016-10-19
@GeekT

Passwords and other sensitive data can be passed through environment variables. Only the application itself has access to environment variables through the web server (with the rights of the user under which it is launched). For example like this (Linux).

Report
C
CityCat4, 2016-10-19
@CityCat4

This is standard practice. But you need to keep in mind three points:
- the password file must be outside the web server
- the file must contain a user who has rights only to the site database and only the minimum necessary rights
- MySQL should only accept connections from 127.0.0.1

Report
A
Anton, 2016-10-19
@karminski

This is normal practice. If someone gets access to the files on your server, then it will not matter to you whether he finds the login / password to the database in this file or stupidly resets the MySQL root password. Therefore, set aside paranoia! You are doing everything right.
Between the options, I would choose the 1st, but I don’t see much difference.
Ps Usually, the access file is kept in a folder inaccessible to the web server. See how it is implemented using the Yii framework example ( https://github.com/yiisoft/yii2-app-basic). The web server only looks in the web folder. Everything else, including the config folder, is not visible to it.

Report
Y
yegreS, 2016-10-19
@yegreS

It's a common practice to store database access credentials in plaintext, in a php file.
Just keep in mind that the database should only be accessible from the local computer and normal users cannot view php files.

Similar questions
S
StayAtHome2015-04-01 12:24:02
How to distinguish a web request from a regular page from a request from the extension itself from a Chrome/Opera extension? 4Reply
M
Mikhail Potapenkov2016-06-13 18:20:30
On initial startup, the OS issues a blue screen 0x0000007B. What does it mean? 4Reply
R
Rooly2021-03-23 11:40:40
How to properly organize apiResource Laravel? 2Reply
A
Anton2021-03-27 12:39:53
Getting the selected radio item and passing it to the email body, how to display the selected item? 2Reply
N
Nicholas Hephaestus2022-01-24 20:18:11
Why does the space bar and other keys not work in TeamViewer? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question