Is the password vulnerable in a php file

Anon

Please forgive my newbie question.

I am a non-programmer who has gotten interested in using php and mysql on a web site. The practice tutorials have been productive and an excellent teacher. However, I notice that one's password is included in the php file in order to access the database. Is this password safe? Are there any steps that one needs to take in order to insure its safety?

Thank you

Tom

Anon

Well, IMHO I think you need to make sure that your HTTP server's configuration is secured. I mean nobody can get RAW .php files from the server.

OR in case you are not sure, you can place the password inside a file (outside of your documentroot / WWWROOT). Then all you need is add some codes in the php file that connects to the database to read the file that contains the password. For example, you put the password in a file named 'password' in the path /home/tom/

All you need to do is include the following code in the calling file (before connecting to the database)

$file = file("/home/tom/password","r");

This will put the first line of the file 'password' in an array named $file. This means that the password in contained in $file[0]

And then you just include $file[0] as the password in the mysql_connect(...)

Anyway this is my opinion, I am not that good 😉
If anybody feels that this way is incorrect, do tell me. Thanks.

Anon

I think a better way is to just use include(), using the same method of placing it outside of your web root. have a file called database.php or database.inc and do your connecting to the database and database selecting in that file. then just include it using

include("/home/tom/database.inc");

Then go about business as usual. You can define other variables or functions or whatever in the include file.

---John Holmes...

Anon

Why didn't I think of that? Simpler to do it this way! Thanks John.

Anon

I know the first method (with the array) isn't the best way but if you did that use fgets instead of file. This way only 1 line would be loaded into a variable instead of the whole file into an array. Arrays are very slow especially if you load a lot of info into them.

Nath

Anon

Many thanks to you all and especially to John. Simple and elegant solution. It works fine and I feel better knowing the password is tucked away. Hope you all had good thanksgivings.

Tom