How to secure database passwords in PHP?

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I'm using a single, minimum-permission login for my application, then the PHP needs to know that login and password somewhere. What is the best way to secure that password? It seems like just writing it in the PHP code isn't a good idea.


Several people misread this as a question about how to store passwords in a database. That is wrong. It is about how to store the password that lets you get to the database.

The usual solution is to move the password out of source-code into a configuration file. Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.


如果您在其他人的服务器上托管并且无法访问webroot之外的任何内容,则始终可以将您的密码和/或数据库连接放在一个文件中,然后使用.htaccess锁定该文件:

<files mypasswdfile>
order allow,deny
deny from all
</files>

将它们存储在web根目录外的文件中。

链接地址: http://www.djcxy.com/p/21604.html

上一篇: WCF没有安全性

下一篇: 如何在PHP中保护数据库密码?