As my server is getting a bit bigger, and more users are getting access to it, I don't want them to see the password that MySQL is using to connect to PHP, which is stored in my 'connect.php' file and required by every page. However, it is just sitting in the same directory as the rest of the php files.
I've considered using a second 'connect.php'-like file with access to only one table, that stores the encrypted passwords to connect to MySQL, but then I would have the problem of hiding the key to it.
Changing permissions won't work either; if you chmod o-r or something similar, nobody will be able to access the web application, obviously.
Is there an accepted method to get around this problem, or should I just solve it on my own? The problem is that I don't want it to be too convoluted if there is an accepted method.
6 solutions
#1
7
All the answers have good advice but fail to address the fact that any user with server access can just snoop around and open the config.php in an editor.
Set your config files in a directory outside of public webspace; the webserver should be the owner of this directory, and it should have permissions set to 700. All files it contains should be 644. This way no one can even read the file contents apart from the webserver user or root.
This is a common approach, and there is a lot more to the subject, as security is a very vast topic, but it is better than 90% of the setups out there.
#2
8
I would strongly recommend moving connect.php in one directory above your DOCUMENT_ROOT so that it is not accessible from your web server.
Your php files can of course include connect.php with a full or relative path, e.g.:
require_once('../connect.php');
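The layout that answers #1 and #2 describe (connect.php outside DOCUMENT_ROOT, config directory 700, files 644), built and audited as an added shell example. This is not code from the original answers; the app root, the public/ and config/ directory names, the www-data user, the placeholder credentials and the index.php it writes are all assumptions for illustration. The index.php uses __DIR__ to build an absolute path so the include does not depend on the process's working directory.

```shell
#!/bin/sh
# Added example (not from the original answers): lay out a PHP app with
# connect.php one level above DOCUMENT_ROOT, lock down permissions as
# answer #1 describes (dir 700, files 644), and audit the result.
# The app root, directory names, the www-data user and the credentials
# written below are assumptions for illustration only.

set -u

# Create the layout: $1 is the app root; DOCUMENT_ROOT is $1/public and
# connect.php lives in $1/config, outside the document root.
setup_layout() {
    app="$1"
    mkdir -p "$app/public" "$app/config"
    # Constructed placeholder credentials, not real ones.
    cat > "$app/config/connect.php" <<'EOF'
<?php
$username = 'app';
$password = 'CHANGE_ME';
$link = mysqli_connect('localhost', $username, $password, 'app');
EOF
    # Pages under DOCUMENT_ROOT reach it with an absolute path built from __DIR__.
    cat > "$app/public/index.php" <<'EOF'
<?php
require_once __DIR__ . '/../config/connect.php';
EOF
    chmod 700 "$app/config"
    chmod 644 "$app/config"/*.php
    # On a real host also run, as root: chown -R www-data:www-data "$app/config"
    # (skipped here because it needs privileges this example does not assume).
}

# Return 0 if file $2 lies outside the directory tree rooted at $1
# (both resolved to physical paths), 1 if the web server could serve it.
is_outside_docroot() {
    docroot=$(cd "$1" && pwd -P) || return 2
    tdir=$(cd "$(dirname "$2")" && pwd -P) || return 2
    target="$tdir/$(basename "$2")"
    case "$target" in
        "$docroot"/*) return 1 ;;   # inside DOCUMENT_ROOT
        *)            return 0 ;;
    esac
}

# Return 0 if the config dir $1 is mode 700 and every file in it is 644.
audit_config_perms() {
    dir="$1"
    # -prune stops find descending; -perm 700 without a leading '-' is an exact match.
    [ -n "$(find "$dir" -prune -perm 700 -print)" ] || return 1
    # Any regular file whose mode is not exactly 644 is a finding.
    bad=$(find "$dir" -type f ! -perm 644 -print)
    [ -z "$bad" ]
}
```

Run setup_layout on a scratch directory, then is_outside_docroot and audit_config_perms against the result; the audit fails as soon as the config directory is loosened to 755, which is the misconfiguration that lets other local accounts read the file.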
#3
2
Set $password, connect, then unset() $password. They should never be able to recover it. I don't think a PHP file can be downloaded anyway, nor seen. It is always compiled by the server before.
#4
2
The content of server side files cannot be obtained by users, unless you show it to them willingly (or by mistake).
Most likely any compromise would come via FTP access, in which case a hacker would have access to all files on the webserver anyway.
#5
2
Move it to a folder after the root of www, such as www/includes. From there, you may use htaccess to block permission for viewing files under /includes.
After connecting to the SQL database, use unset($username, $password) so that there is no security threat of someone echoing the username or password.
Finally, it's always best to have dedicated hosting so that nobody else with access to the web server can potentially view other users' files.
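The htaccess rule from answer #5, written out and checked, as an added shell example that is not part of the original answer. The includes directory name is an assumption. The deny rule only takes effect on Apache and only where AllowOverride permits it, so the last function lists files in the directory that would be served verbatim (a .bak or .inc copy of connect.php, for instance) if the rule is ever not honoured; it does not, and cannot, stop a local account from reading the file, which is the point answer #1 makes.

```shell
#!/bin/sh
# Added example (not from the original answers): write the deny-all .htaccess
# that answer #5 relies on, confirm it is present, and list files in the
# includes directory that Apache would hand out as plain text if the rule is
# not in effect (AllowOverride None, or a server that ignores .htaccess).
# The directory names used by the caller are assumptions for illustration.

set -u

# Write a deny-all .htaccess into directory $1. Both the Apache 2.4
# (mod_authz_core) and the 2.2 forms are emitted so the file works with
# whichever syntax the host accepts.
write_deny_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
# Deny direct HTTP access to everything in this directory.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
}

# Return 0 if $1/.htaccess exists and contains a deny-all rule.
htaccess_denies() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Eqi '^[[:space:]]*(Require all denied|Deny from all)' "$1/.htaccess"
}

# Print files under $1 whose name does not end in .php, sorted. With the
# default Apache handler mapping only *.php reaches the interpreter, so a
# connect.php.bak or connect.inc is served as text the moment the deny rule
# is not applied.
list_non_php_files() {
    find "$1" -type f ! -name '*.php' ! -name '.htaccess' -print | sort
}
```

Because this keeps the file under DOCUMENT_ROOT, treat the .htaccess as a second layer on top of the outside-the-webroot placement, not as a replacement for it.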
#6
0
Alternatively, you could get rid of passwords altogether and configure the DB server so that only connections from localhost are accepted. This'll only work on dedicated hosting, though; it's a security risk if you're on shared hosting.