如何保护项目中的数据库配置文件? [英] How to secure database configuration file in project?
问题描述
我已经在php文件上创建了用于与数据库服务器建立连接的文件.在此文件中,我将mysql_connect()
函数与数据库服务器的参数host,用户名和密码一起使用.
I have created on php file for establishing connection with database server. In this file, i am using mysql_connect()
function with parameters host, username and password of my database server.
public class DatabaseConnect
{
function __construct()
{
mysql_connect('localhost','username','password') or die('Could not connect to mysql server.');
mysql_select_db('databasename');
}
}
现在,在这种情况下,其他用户可以看到用户名和密码.
Now in this case, username and password are visible to others.
我找到了另一种方法来保护值,即mysql.default_user
和mysql.default_password
.在这种情况下,我们必须采用这种方式?
I found one more way to secure the value i.e. mysql.default_user
and mysql.default_password
. In which scenario we have to this way?
或者我该如何确保别人的价值观?
Or how could i secure my values from others?
推荐答案
您可以尝试将数据库凭据放入具有适当UNIX权限集的单独文件中,例如644,然后将该文件包括在脚本顶部.
You can try to put your database credentials in separate file with proper UNIX permissions set, for example 644, and then include this file on top of your script.
configuration.php
文件如下所示:
<?php
define (DB_USER, "mysql_user");
define (DB_PASSWORD, "mysql_password");
define (DB_DATABASE, "database_name");
define (DB_HOST, "localhost");
?>
您的原始脚本将如下所示:
Your original script will look something like this:
require ("configuration.php");
public class DatabaseConnect
{
function __construct()
{
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die('Could not connect to MySQL server.');
mysql_select_db(DB_DATABASE);
}
}
这篇关于如何保护项目中的数据库配置文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!