Issue with MySQL Username and Password stored in several places on a PHP webiste

rkfiles

Hi all,

I am a newbie to this website. I have an issue to which I require your assistance.

I have a website developed on Joomla by a company. They didn't follow the standard process while building the website.

MySQL connection strings are initiated in about 20 places around the website in several *.php files.

Now I need to change the password of our database. Is it OK if I do a "text search in all files" and replace the old password by new password?

Or is there any better solution to solve this issue?

Please suggest and help out of this fix.

Regards,
Ravi.

laserlight

rkfiles wrote:
Now I need to change the password of our database. Is it OK if I do a "text search in all files" and replace the old password by new password?

It may be a little risky since you might change more than you expect, so you should go through each instance of the change and check that it is what you want to change.

rkfiles wrote:
Or is there any better solution to solve this issue?

In the long run, you should make it such that the password is stored in some configuration file placed outside of the public document root. This file is then included, and the corresponding variable accessed. Clearly, this is much more work than just a manually checked "text search in all files", but then it also makes a future password change just a matter of updating one file.