How do I keep my database connection secure?

Time: 2021-07-11 12:09:58

I'm currently working on a website for my church's college group, and am started to get a little worried about the security of what I'm writing. For instance, I use this function:

```php
function dbConnect()
{
  global $dbcon;

  $dbInfo['server']   = "localhost";
  $dbInfo['database'] = "users";
  $dbInfo['username'] = "root";
  $dbInfo['password'] = "password";

  // DSN: no space before dbname, otherwise the key may not be recognised
  $con = "mysql:host=" . $dbInfo['server'] . ";dbname=" . $dbInfo['database'];

  try {
    $dbcon = new PDO($con, $dbInfo['username'], $dbInfo['password']);
    // From here on every PDO error throws a PDOException
    $dbcon->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  } catch (PDOException $e) {
    // The constructor itself throws when the connection fails, so checking
    // errorInfo() afterwards (it reports "00000" on success) never catches it
    print "<p>DATABASE CONNECTION ERROR:</p>";
    print_r($e->getMessage());
  }
}
```

to connect to the database whenever I do a query of some sort. I always use the PDO prepared statements to prevent SQL injection from any user input, and I use htmlspecialchars to escape before outputting. My question is this: How do I protect my username and password for my database? I don't know if someone can view the source for my PHP files, but if they could, I can only imagine I would be hosed. What do I do?

3 Answers

#1


9  

You should put your database credentials in a file outside of the document root, so if something messes up and your PHP gets shown to users un-parsed, no-one will be able to see your password.

Have a look at this article on the subject:

The solution is simple. Place all sensitive data outside of your web server’s document root. Many experts now advocate placing most, if not all, of your PHP code outside of your web server’s document root. Since PHP is not limited by the same restrictions as your web server, you can make a directory on the same level as your document root and place all of your sensitive data and code there.
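A concrete layout for what this answer recommends, as an added example (not the answerer's code): the credentials live in a file one level above the document root, the page code loads it with `require`, and the site connects as a non-root account. The directory layout, the `config/db.php` name and the `church_app` account are assumptions.

```php
<?php
// Added example. Assumed layout:
//   /var/www/example.org/public/   <- document root, holds this file (index.php etc.)
//   /var/www/example.org/config/   <- NOT under the document root, holds db.php
//
// config/db.php returns the credentials instead of defining globals and can
// never be fetched by URL, because the web server only serves public/:
//
//   <?php
//   return [
//     'dsn'      => 'mysql:host=localhost;dbname=users;charset=utf8mb4',
//     'username' => 'church_app',   // a restricted account, not root
//     'password' => 'CHANGE-ME',
//   ];

function dbConnect(): PDO
{
    static $dbcon = null;            // one connection per request, no global needed
    if ($dbcon !== null) {
        return $dbcon;
    }

    $cfgPath = __DIR__ . '/../config/db.php';
    // Expect a 0640 file owned by the web user; refuse a world-readable one,
    // since every other account on a shared host could read it.
    if (!is_file($cfgPath) || (fileperms($cfgPath) & 0004)) {
        throw new RuntimeException('db config missing or world-readable');
    }
    $cfg = require $cfgPath;

    $dbcon = new PDO($cfg['dsn'], $cfg['username'], $cfg['password'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
    ]);
    return $dbcon;
}

// Usage from a page under public/: log the detail, show the visitor nothing useful.
try {
    $db = dbConnect();
} catch (PDOException $e) {
    error_log('DB connect failed: ' . $e->getMessage());  // may contain host/user names
    http_response_code(500);
    exit('Service unavailable');
}
```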

#2


7  

Ok, this needs some clarification. Some have suggested that you put sensitive data outside the document root. This has some merit but is more placebo than anything else in practicality.

You have to consider potential sources of problems.

  • Someone with shell access to the machine will compromise your database connection information regardless of where you put it. This can include both authorized users and those who exploit a vulnerability to get shell access (this has happened a lot);

  • If PHP is disabled or the Web server is fooled into thinking it is then there is the possibility that PHP files are served in raw form. Putting them outside the document root will protect you against this;

  • If someone somehow manages to write a PHP script to the document root, it's basically the same as someone having shell access so no measure will protect you.

Practically, if your Web server is compromised, the cases where having your config files outside the document root will protect you are fairly unlikely.

The main point of security with databases is to ensure that someone from the internet can't connect directly. This can be done with a firewall, binding the database to a private IP address or putting the database on a private server.

#3


3  

There are precautions you can take. Create a MySQL user that is specific to what your application needs to be able to do. This can limit the amount of damage an attacker can do if he's compromised your username and password. For instance, allow the user to insert, update, select etc., but NOT drop, etc. Further, as cletus mentioned, the database should not be accessible to the outside. On a shared hosting environment, this usually means the db can only be connected to from your www server or localhost.

Re: kalpaitch, don't pass your password around in some reversible hash. People should never see your source.
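An added example (not from the answer) of provisioning the restricted MySQL account this answer describes, run once by an administrator rather than from the site: it creates a user that can only log in from localhost, grants it just SELECT/INSERT/UPDATE/DELETE on the `users` database, and reads back SHOW GRANTS to confirm nothing broader slipped in. The `church_app` account name, the `ADMIN_USER`/`ADMIN_PASS` environment variables and MySQL 5.7+ syntax are assumptions.

```php
<?php
// Added example. Run once by an administrator, e.g.
//   ADMIN_USER=root ADMIN_PASS=... php provision_db_user.php
// never from the web application. Assumes MySQL 5.7+ (CREATE USER IF NOT EXISTS).
$adminPass = getenv('ADMIN_PASS');
if ($adminPass === false) {
    fwrite(STDERR, "Set ADMIN_USER and ADMIN_PASS in the environment first.\n");
    exit(1);
}
$admin = new PDO('mysql:host=localhost;charset=utf8mb4',
                 getenv('ADMIN_USER') ?: 'root', $adminPass,
                 [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

$appUser = 'church_app';                  // assumed account name, set by us (not user input)
$appPass = bin2hex(random_bytes(16));     // fresh 128-bit password
// '@localhost' means the account can only log in from the box itself, so a
// leaked password is useless to anyone who is not already on the server.
$userSpec = sprintf("'%s'@'localhost'", $appUser);

// Identifiers cannot be bound as parameters; the password goes through quote().
$admin->exec("CREATE USER IF NOT EXISTS $userSpec IDENTIFIED BY " . $admin->quote($appPass));
$admin->exec("ALTER USER $userSpec IDENTIFIED BY " . $admin->quote($appPass));

// Start from nothing, then grant only what the site does with its own tables:
// no DROP, ALTER, CREATE, FILE, GRANT OPTION, and nothing on other databases.
$admin->exec("REVOKE ALL PRIVILEGES, GRANT OPTION FROM $userSpec");
$admin->exec("GRANT SELECT, INSERT, UPDATE, DELETE ON `users`.* TO $userSpec");

// Verify as the new account: SHOW GRANTS must list nothing beyond the above.
$app = new PDO('mysql:host=localhost;dbname=users', $appUser, $appPass,
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$tooBroad = false;
foreach ($app->query('SHOW GRANTS')->fetchAll(PDO::FETCH_COLUMN) as $grant) {
    echo $grant, "\n";
    if (preg_match('/\b(ALL PRIVILEGES|DROP|ALTER|CREATE|FILE|SUPER)\b/i', $grant)) {
        $tooBroad = true;
    }
}
if ($tooBroad) {
    fwrite(STDERR, "WARNING: $userSpec holds privileges the site does not need.\n");
    exit(1);
}
echo "OK. Put this password in the config file outside the document root:\n$appPass\n";
```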