Best way/place to store MySQL password?

Ok, just starting to teach myself PHP/MySQL and trying to get into good habits from the off.

What's the best way of storing the MySQL database password?

All the examples I've been reading have the password stored as plain text which is nice and easy for learning, but I assume not great for security! :P

TIA
 
Do you mean the password you use to connect to the mysql database? And you don't want it to be readable when looking at your scripts code?
 
accessing MySQL - I set it as a protected property
storing passwords - read this lovely article on storing passwords at coding horror

using mysql_connect() only works with plain text doesn't it?
Yeah, but I always make it a point to chmod the file that contains those details so it's not readable by world (actually I chmod the whole directory, but that's because there's other stuff in the directory that world doesn't need to be able to see, and I'm paranoid).
 
Do you mean the password you use to connect to the mysql database? And you don't want it to be readable when looking at your scripts code?

Thanks to all that have replied so far :)

Yes and no :P

I do mean the password that you use to connect to the database, but I mean if someone was somehow able to gain access to the script where the database connection is made, they have the password to the entire database.

Is it better to store the script(s) that contain references to the password outside the www root folder or some other method?

Nice link to Coding Horror Sic, I'll have a read through that also.
 
If you had that password data stored in a file and someone navigated to it, they wouldn't see it unless it was output from the script - if they tried to download it, it would simply give them a blank file - the only way they'd be able to gain access to it is via FTP/SSH, and if people have that level of access to your server and you don't want them to then you've got bigger problems. Just make sure that it's never part of any output to the client in the form of error/debug messages and you'll be alright. Like I said, I chmod the file so people visiting can't access it, but that's just an extra precaution that I'm fairly certain is unnecessary :)

Coding Horror's great - one of very few sources I read regularly on programming.
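
The approach discussed in this thread (credentials in a file outside the www root, not readable by world, never echoed in error output), as an added example that is not part of any poster's message. The paths, the `db.ini` key names, mode 640 and the use of PDO in place of `mysql_connect()` (which was removed in PHP 7) are assumptions.

```php
<?php
// Added example. Assumed layout (hypothetical paths):
//   /var/www/example/private/db.ini   <- credentials, outside the web root, chmod 640
//   /var/www/example/public/index.php <- web root; this script
// db.ini keys (assumed): host, name, user, pass (put the password in double quotes).
declare(strict_types=1);

function load_db_config(string $path): array
{
    $perms = @fileperms($path);
    if ($perms === false) {
        throw new RuntimeException('DB config missing or unreadable');
    }
    // Refuse a file that "other" users can read or write (permission bits 0006).
    if (($perms & 0006) !== 0) {
        throw new RuntimeException('DB config is world-accessible; chmod 640 it');
    }
    $cfg = parse_ini_file($path);
    if ($cfg === false) {
        throw new RuntimeException('DB config could not be parsed');
    }
    foreach (['host', 'name', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("DB config lacks '$key'");
        }
    }
    return $cfg;
}

function db_connect(string $configPath): PDO
{
    try {
        $cfg = load_db_config($configPath);
        $dsn = "mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4";
        return new PDO($dsn, $cfg['user'], $cfg['pass'], [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (Throwable $e) {
        // Message goes to the server log only; the client gets a generic reply.
        error_log('DB connection failed: ' . $e->getMessage());
        http_response_code(500);
        exit('Service temporarily unavailable.');
    }
}

// dirname(__DIR__) is the parent of the web root, so db.ini has no URL at all.
$pdo = db_connect(dirname(__DIR__) . '/private/db.ini');
```

Catching the exception matters because an uncaught connection error with `display_errors` on can print a stack trace to the client.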
 