在哪里存储PHP应用程序的数据库登录凭据 [英] Where to store database login credentials for a PHP application
问题描述
我们有一个开发服务器和一个具有不同数据库连接详细信息(用户名,密码等)的活动服务器。
We have a development server and a live server with different database connection details (username, password, etc).
目前我们正在存储BOTH数据库连接详细信息在initial.php中,如果存在DEFINE语句,则选择一个。我们在我们的活动服务器上手动添加DEFINE语句。
Currently we're storing BOTH the database connection details in a initial.php and one is selected if a DEFINE statement is present. We manually add that DEFINE statement on our live server.
这是一个安全的方法吗?什么是更好的/替代方法来管理数据库连接安全?
Is this a safe approach? What are better / alternative approachs for managing DB connection security?
这样做的一个后果是,每个开发人员可以看到数据库连接详细信息, / p>
One consequence of this is that every developer can see the database connection details and that's a bit risky...
推荐答案
我使用一个.ini文件,然后通过 parse_ini_file(INI_FILENAME_HERE,true)
。
这个文件不受版本控制(和php- / template- / whatever-files一样)。因此,在每台机器上,为相应的数据库连接创建该文件(.database.ini)。
I use an .ini-file, which is then parsed via parse_ini_file(INI_FILENAME_HERE, true)
.
This file isn't under version control (as are the php-/template-/whatever-files). So on every machine I create that file (.database.ini) for the respective database connection.
使用PDO的MySQL连接的示例.ini文件: / p>
Example .ini-file for a MySQL-connection, using PDO:
[db_general]
driver = "mysql"
user = "USERNAME"
password = "PASSWORD"
; DSN
; see http://www.php.net/manual/en/pdo.drivers.php
[db_data_source_name]
host = "localhost"
port = 3306
dbname = "DATABASE_NAME"
; specify PDO-options, provide keys without PDO::
; see http://www.php.net/manual/en/pdo.drivers.php
[db_pdo_options]
MYSQL_ATTR_INIT_COMMAND = "SET NAMES utf8"
; specify more PDO-attributes, provide keys without PDO::
; see http://php.net/manual/en/pdo.setattribute.php
[db_pdo_attributes]
ATTR_CASE = "PDO::CASE_LOWER"
ATTR_ERRMODE = "PDO::ERRMODE_EXCEPTION"
ATTR_EMULATE_PREPARES = false
由于不能使用 ::
在.ini-file-keys中,在代码中使用 constant('PDO ::'。$ iniKey)
来获得所需的PDO常量。
Since one can't use ::
within .ini-file-keys, use constant('PDO::' . $iniKey)
in your code to get the desired PDO-constants.
这篇关于在哪里存储PHP应用程序的数据库登录凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!