lung — 2010-10-17T22:01:42-04:00 — #1
where do you save username,password,database name?
for me i create all data in file dbc.php
and include this file for connect
in file dbc.php
and define username,password,host,database name
what do you think about it?
lung — 2010-10-17T23:58:45-04:00 — #2
possible they can read my PHP file on server?
for username we define -> $987654123TgUiaLosPXlsdsdsdsedw=root;
for password we define -> $987654123TgUiaLosPXlsdsdsdsesdsdw=12345;
for host we define -> $987654123TgUiaLosPXlsdsdsdsedwdsfse=localhost;
if Yes: what should do?
if NO: we only create configweb.php and inside define all data,for use all file and what should we set permission file?
aleksejs — 2010-10-20T06:29:18-04:00 — #3
Has anyone tried defining SELinux policy (or some other technique) to define which php files can include what files?
paul_wilkins — 2010-10-17T22:59:24-04:00 — #4
Defining them as global variables is not a good idea, because then you're leaving the gates wide open for ANY code to gain access to that information.
Commonly you should store the username and password in a configuration file that is outside of the web accessible structure. That way any passwords are not available from your source control, and the configuration file can be appropriately secured (and configured) by the system administrators.
oddz — 2010-10-17T23:01:40-04:00 — #5
I prefer an XML file above the site root.
paul_wilkins — 2010-10-17T23:49:06-04:00 — #6
This is why it's stored outside of the web structure, and/or the system administrator set the permissions for the file so that it's not publicly accessible.
lung — 2010-10-17T23:45:34-04:00 — #7
But I'm not sure they can open my file in on server?
or set permission?