Hiding Passwords

decster

Hi all,

I have a php script that accesses a Sybase database and thus needs a username and password. Currently these are hardcoded into the php script itself which is obviously not a good situation. I was wondering what the best way to store the login details securely? I'm running on an Apache by the way.

Cheers,
dec

chriswheat

If you connect to any database the info will need to be hard coded in the script.

your could do an include.

first create a file dbconnect.php
This file should have only the connection information (username, pass, serverlocation...) save the file befor the public directoy.

ie.
dbconnect.php/public_html/

now in your other scripts were you need to connect to the db. do the following:
include("../dbconnect.php");

this will put all of your password information outside the public realm.

If you do not have the ability to place file before the public_html

you could create the dbconnect.php like this:

<?PHP
if ($accessallowed == "yes"){
//put you connection info here
//
//
}else {
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this file</p>
<hr />
</body></html>
<?PHP
}
?>

Now on the the scripts you need db access do the following:

$accessallowed = "yes";
include ("dbconnect.php");

This means that if they try to access dbconnect.php directly it will display an error message. dbconnect.php will now only allow access if called from another script.

Chris