在文件上写入mysql_connect("localhost"，"root"，"mypasswd")是否安全? [英] is it secure to write mysql_connect ( "localhost", "root", "mypasswd" ) on file?

问题描述

或类似的东西

connect_db.php

mysql_connect ("localhost", "root", "hashed_mypasswd");

这更安全吗?

或者只是写 mysql_connect ("localhost", "root", "mypasswd"); 并使用.htaccess文件使文件夹(www/html/inc/)仅可从本地主机访问?

Or just write mysql_connect ("localhost", "root", "mypasswd"); and make the folder (www/html/inc/) only accessble from localhost using .htaccess file?

请帮助我进行良好的练习.

Please help me with a good practice.

推荐答案

只要文件将由PHP解析，就没有什么可担心的，而且一个安全性也不比另一个安全.但是，还涉及实用性:如果您在多个地方编写了mysql_connect，并且决定将数据库移至另一台主机，或者决定更改密码，或者发现它是 绝对不安全(使用根帐户进行连接)(更改;))，将connect语句放在一个位置会更容易.

As long as the file will be parsed by PHP, there's nothing to worry about, and the one isn't more secure than the other. Nonetheless, there's practicality involved as well: if you write your mysql_connect in more than one place and you've decided to move your database to another host, or you've decided to change the password, or if you found out it's absolutely insecure to connect using the root account (change that ;)), it's easier to have the connect statement in one place.

此外，如果PHP无法解析您的文件，则最好不要在Webroot的外部中放置这些关键文件，而Apache甚至无法访问这些文件.那是最安全的方法.

Also, if PHP isn't parsing your file, you're better off having those critical files outside of the webroot, not even accessible by Apache. That's the most secure way.

这篇关于在文件上写入mysql_connect("localhost"，"root"，"mypasswd")是否安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！