安全地在PHP中存储数据库安全凭证 [英] Storing Database Security Credentials in PHP Securely
问题描述
是否在目录结构( ../ dbconn_inc.php )中相对安全地存储数据库凭据?
我们有一个通过GoDaddy运行cPanel的基本共享托管帐户,其主页存储在 / public_html 中。我们希望找到一个简单的解决方案,以将数据库凭据安全地存储在PHP包含文件中。我们尚未更改任何文件夹权限(但是-我们愿意这样做)。目录处理的主要方法是cPanel的目录管理器和FileZilla。目前,我们正在引用存储在根目录( / )中的包含文件,但不确定这样做是否安全。
提前谢谢!
将数据库信息保留在脚本中是相当安全的,但是脚本的安全性主要取决于主机以及如何配置和使用服务器。
将连接信息保留在.php文件中的唯一缺点是如果服务器停止解析php并将脚本以纯文本格式输出给任何加载页面的用户,则托管在您的Web根目录内部,因此,最好将数据库配置保留在Web根目录之外,以限制访问。 / p>
您的目录如下所示:
| -config
| --database.php
|
| -public_html(www.mysite.com的根目录) --init.php
然后在init.php中可以使用之类的东西要求输入 ../ config / database.php 来获取所需的信息。
其他信息
Is storing database credentials one relative-level up in a directory structure (../dbconn_inc.php) secure?
We have a basic shared hosting account through GoDaddy that runs cPanel, with the main page being stored in /public_html. We are hoping to find a simple solution to securely store database credentials in a PHP include file. We have not changed any folder permissions (yet - we are willing to do so). Our primary methods of directory manipulation are cPanel's directory manager and FileZilla. At the moment, we are referencing an include file stored in the root directory (/), but are unsure if this is safe.
Thank you in advance!
It's reasonably safe to keep your database information inside of the script, however the security of your scripts are mainly dependent on the host and how you configure and work with your server.
The only disadvantage to keeping your connection information inside of a .php file that is hosted inside of your web root would be if the server stops parsing php and outputs the script as plain text to any user loading the page, Thus it would be best to keep your database config outside of the web root to keep access restricted.
Your directory would look something like this:
|-config
| --database.php
|
|-public_html (Root for www.mysite.com)
| --init.php
Then in init.php you could use something like require "../config/database.php" to get the information you needed.
Extra info
This question has been asked before and has some good answers
Alternative methods to including from outside the web root
这篇关于安全地在PHP中存储数据库安全凭证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
