启动时将数据库密码和密钥加载到 PHP 内存中 [英] Load DB password and keys into PHPs memory on startup

问题描述

我有点担心将我的数据库用户名、密码和加密密钥放入一个 PHP 文件中，每个入侵服务器的人都可以轻松读取该文件.是否可以加载 PHP 并提前告诉它可能需要的密码?

I feel a bit anxious to put my database username, password and encryption keys into a PHP file that everyone who hacked himself into the server could easily read. Is it maybe possible to load PHP and tell it the passwords it might need upfront?

我的问题很简单:除了将所有内容都放在一个文件中之外，还有其他方法可以让 PHP 知道数据库密码和密钥吗?

My question is simple: Is there any other way to let PHP know about the DB password and key other than to put everything into one file?

欢迎提出任何想法.

推荐答案

据我所知，您必须在某个时候声明变量才能启动数据库连接.但是，您可以做一些事情来让别人更难阅读.

To my knowledge you will have to declare your variables at some point in order to initiate a DB connection. You can, however, do certain things to make it more difficult for someone to read it.

除了在另一个答案中提到的安全编程实践之外，您可以确保只将您的密码存储在一个文件(例如 Config.php)中，并将其包含在您的数据库连接函数中.此外，您可以将该变量存储在外部 Web 根目录，这意味着人们将无法访问它，除非他们具有服务器访问权限.

In addition to safe programming practices mentioned in another answer, you can be sure to only store your passwords in one file (such as Config.php) and include it in your database connection function. Moreover, you can store this variable outside the web root, meaning that people will not be able to access it unless they have server access.

您还可以让获得访问权限的人更难以阅读.这包括使用对称密钥算法对其进行加密，然后在使用时对其进行解密.请注意，加密/解密密钥也必须存储在服务器上，这再次带来了不便.

You can also make it more difficult to be read for someone who gains access. This includes encrypting it with a Symmetric Key Algorithm, and then decrypting it when used. Note that the encryption/decryption key will have to also be stored on the server which, again, make this little more than an inconvenience.

采取适当的安全措施保护您的代码，并限制您的数据库，使其只能在本地访问.这应该提供足够的安全性.

Take proper security steps in securing your code, and restrict your database so it can only be accessed locally. This should provide ample security.

这篇关于启动时将数据库密码和密钥加载到 PHP 内存中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！