PHP security

Hello there all, I’m using a mysqli database network. I currently have the connect script, such as the username/password for the database, on my catalog page. This cannot be seen on view source, but my organization is wondering whether I should put the connect script in an external file on a password-protected part of the site.

How is it possible for anyone to actually view the documents on my server?

Thanks beforehand

No need for that.
Hacking through the webhost's shared server is the way in,
and if someone did this, it would not matter where the file was located.
Leave your connect script where it is.

Thanks for your response… that’s one less thing to be concerned about.

When I learned that at school, I was told it was fairly safe the way you did it, but to be truly safe, use a link to an external db connection page rather than keeping it in the same location as all your other files.

Wouldn't make a scrap of difference – all the person then has to do is look at the ‘include’ location, and bingo – they have the file.

There is no truly secure way of storing your DB username/password. The fact that it's in a PHP file means it never gets sent to the user; it's all processed on the server.

If you really, really need to stop people seeing it, use something such as ionCube to encode the database connection file. But again, all the person then has to do is include the encoded file and echo out the variables from it.

Personally, I would spend more time securing GET and POST requests than worrying about db connection strings.
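An added example, not from the thread: one way to keep the connect script in an include file while treating the POST value as untrusted input. The file path, the `DB_*` environment variable names and the `catalog` table with `id` and `name` columns are assumptions made for illustration.

```php
<?php
// db_connect.php: constructed example. Assumed to live OUTSIDE the document
// root, e.g. /home/example/private/db_connect.php (hypothetical path).
// The DB_* environment variable names are assumptions as well.
function db_connect(): mysqli
{
    // Throw exceptions instead of emitting warnings that could leak details.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli(
        (string) getenv('DB_HOST'),
        (string) getenv('DB_USER'),
        (string) getenv('DB_PASS'),
        (string) getenv('DB_NAME')
    );
    $db->set_charset('utf8mb4');
    return $db;
}

// POST data is chosen by the client just like GET data, so validate it.
function catalog_id(array $request): ?int
{
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the value as a parameter; never concatenate it into the SQL string.
function find_item(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM catalog WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    return $row ?: null;
}

// catalog.php (inside the web root) would start with:
//   require '/home/example/private/db_connect.php';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $id = catalog_id($_POST);
    if ($id === null) {
        http_response_code(400);
        exit('Invalid item id');
    }
    $item = find_item(db_connect(), $id);
    echo $item ? htmlspecialchars($item['name'], ENT_QUOTES, 'UTF-8') : 'Not found';
}
```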

Since you mentioned GET & POST security, would you clarify what guidelines you advise to secure these? I have always assumed POST was secure. I’m sure GET sticks it out in the URL, so I always use POST for secure information.

I haven’t done any large secure sites, but I'm currently doing something with a login form and have used a combination of POST and cookies to pass info around, with the assumption that this was relatively secure and only readable by my server. Any pointers you can give would be appreciated.

Thanks for your help. D.
