FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


How can I secure my MySQL connection script and config files





ammonkc
How can I secure my db connection script and config files. I generally have a dbconnect.php and a conf.inc or something like that. the dbconnections script gets the host, username, and passwords needed to connection to the db from variables stored in conf.inc. how can I secure these kinds of sensitive files so that they cannot be touched (or seen) by anyone except apache? Obviously the info in conf.inc is all someone would need to get into my db and have their way with it. Is it just a matter of placing these files in a subdir and locking down the linux permissions on that directory? if so, how would I set up my linux permissions to do this, and still let apache have access to them. I'm not really the best at setting up linux permissions. I think the first step would be to disable directory listing in apache with the .htaccess. but what else do I need to do?
thanks in advance.
krazycapital
Well, you shouldn't just use .inc. You should add .inc.php so that it won't be displayed. Other than that, why worry? If you don't use any echo statements, nothing will show anyway. If you are still worried, check google for different numbers to use.
ammonkc
Yeah, thats pretty much what I've been relying on up until now. but what i'm kind of worried about is if someone could download the actual files themselves and not just view what php displays. I guess I'm just worried that if the server gets hacked, and someone gets a hold of those files, they could do some damage. so I want to lock those down as best I can.
some old IIS server where I work has been hacked a couple of times now. I know that my redhat and apache servers are a lot more secure than IIS, but I still wanted to look into every option for securing our data.
yjwong
Don't ever use root for any normal database operation. And set database-specific users. Example:

yjwong_mambo can access the database yjwong_mambo, but not other databases. This does not secure your database, but prevents larger damage to your database. Do your backups frequently to prevent lots of data loss.
Related topics
751 Useful Windows XP Files
php and mysql connection in flash based website
I was wondering......?
.htaccess problem
MySQL connection
A very good PHP MySQL Tutorial
Lineage II (C4 chronicle)
Error connecting to mysql ; please help
How to import mysql databases from text files?
MySQL Problem
Free PHP/MySQL login script
For PHP & MySql newbies
MySQL - Session error?
Storing MySQL connection data securely and conveniently
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.