You are invited to Log in or Register a free Frihost Account!

How can I secure my MySQL connection script and config files

How can I secure my db connection script and config files. I generally have a dbconnect.php and a or something like that. the dbconnections script gets the host, username, and passwords needed to connection to the db from variables stored in how can I secure these kinds of sensitive files so that they cannot be touched (or seen) by anyone except apache? Obviously the info in is all someone would need to get into my db and have their way with it. Is it just a matter of placing these files in a subdir and locking down the linux permissions on that directory? if so, how would I set up my linux permissions to do this, and still let apache have access to them. I'm not really the best at setting up linux permissions. I think the first step would be to disable directory listing in apache with the .htaccess. but what else do I need to do?
thanks in advance.
Well, you shouldn't just use .inc. You should add .inc.php so that it won't be displayed. Other than that, why worry? If you don't use any echo statements, nothing will show anyway. If you are still worried, check google for different numbers to use.
Yeah, thats pretty much what I've been relying on up until now. but what i'm kind of worried about is if someone could download the actual files themselves and not just view what php displays. I guess I'm just worried that if the server gets hacked, and someone gets a hold of those files, they could do some damage. so I want to lock those down as best I can.
some old IIS server where I work has been hacked a couple of times now. I know that my redhat and apache servers are a lot more secure than IIS, but I still wanted to look into every option for securing our data.
Don't ever use root for any normal database operation. And set database-specific users. Example:

yjwong_mambo can access the database yjwong_mambo, but not other databases. This does not secure your database, but prevents larger damage to your database. Do your backups frequently to prevent lots of data loss.
Related topics
751 Useful Windows XP Files
php and mysql connection in flash based website
I was wondering......?
.htaccess problem
MySQL connection
A very good PHP MySQL Tutorial
Lineage II (C4 chronicle)
Error connecting to mysql ; please help
How to import mysql databases from text files?
MySQL Problem
Free PHP/MySQL login script
For PHP & MySql newbies
MySQL - Session error?
Storing MySQL connection data securely and conveniently
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

© 2005-2011 Frihost, forums powered by phpBB.