When a PHP application makes a database connection it of course generally needs to pass a login and password. If I\u2019m using a single, minimum-permission login for my application, then the PHP needs to know that login and password somewhere. What is the best way to secure that password?<\/p>\n
\u00a0<\/p>\n
Solution 1<\/strong><\/p>\n Several people misread this as a question about how to\u00a0store<\/strong>\u00a0passwords in a database. That is wrong. It is about how to store the password that lets you get\u00a0to<\/strong>\u00a0the database.<\/p>\n The usual solution is to move the password out of source-code into a configuration file. Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.<\/p>\n Solution 2<\/strong><\/p>\n If you\u2019re hosting on someone else\u2019s server and don\u2019t have access outside your webroot, you can always put your password and\/or database connection in a file and then lock the file using a .htaccess:<\/p>\n When a PHP application makes a database connection it of course generally needs to pass a login and password. If I\u2019m using a single, minimum-permission login for my application, then the PHP needs to know that login and password somewhere. What is the best way to secure that password? \u00a0 Solution 1 Several people misread […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16540],"tags":[],"class_list":["post-3900","post","type-post","status-publish","format-standard","hentry","category-cyber-security"],"yoast_head":"\n