如何保护项目中的数据库配置文件? [英] How to secure database configuration file in project?

问题描述

我已经在php文件上创建了用于与数据库服务器建立连接的文件.在此文件中，我将mysql_connect()函数与数据库服务器的参数host，用户名和密码一起使用.

I have created on php file for establishing connection with database server. In this file, i am using mysql_connect() function with parameters host, username and password of my database server.

public class DatabaseConnect
{
function __construct()
{
    mysql_connect('localhost','username','password') or die('Could not connect to mysql server.');
    mysql_select_db('databasename');
}

}

现在，在这种情况下，其他用户可以看到用户名和密码.

Now in this case, username and password are visible to others.

我找到了另一种方法来保护值，即mysql.default_user和mysql.default_password.在这种情况下，我们必须采用这种方式?

I found one more way to secure the value i.e. mysql.default_user and mysql.default_password. In which scenario we have to this way?

或者我该如何确保别人的价值观?

Or how could i secure my values from others?

推荐答案

您可以尝试将数据库凭据放入具有适当UNIX权限集的单独文件中，例如644，然后将该文件包括在脚本顶部.

You can try to put your database credentials in separate file with proper UNIX permissions set, for example 644, and then include this file on top of your script.

configuration.php文件如下所示:

<?php
define (DB_USER, "mysql_user");
define (DB_PASSWORD, "mysql_password");
define (DB_DATABASE, "database_name");
define (DB_HOST, "localhost");
?>

您的原始脚本将如下所示:

Your original script will look something like this:

require ("configuration.php");
public class DatabaseConnect
{
function __construct()
{
    mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die('Could not connect to MySQL server.');
    mysql_select_db(DB_DATABASE);
}

}

这篇关于如何保护项目中的数据库配置文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！