How to secure database passwords configure file in PHP?

Question

How can i secure the configure file that contain database passwords in PHP? plus i need details how to do it.

What do you mean by secure? Secure from who? The public can't see what's in a PHP file, but you should secure your FTP/cPanel etc so that unauthorised people can't access the file. — Christian, May 24 '12 at 07:41

score 0 · Answer 1 · answered May 24 '12 at 07:41

Put the configuration file, an included .php module, in a directory which cannot be read by the webserver. For example:

config.php:

<?php
   $db_host = "localhost";
   $db_user = "username";
   $db_password = "the literal password";
   $db_database = "default_db";
?>

score 0 · Answer 2 · edited May 23 '17 at 12:04

It depends from whom you want to make it secure? 1) from some hacker? 2) from your customer who will be having access to your source code? or 3) your staff?

In all case what you can do is you can use code obfuscation to encrypt your code. (http://en.wikipedia.org/wiki/Obfuscation_%28software%29)

some of them which could be used are: ioncube (commercial) zend guard (commercial) http://www.intricks.com/projects/PhpCodeBuster/ (free) you can google up more of that if required.

useful posts: Is there a code obfuscator for PHP?

I am using ioncube and works well for me on all platforms (windoes+linux)

How to secure database passwords configure file in PHP?

2 Answers2