-1

I guess pretty many of you know WordPress and its installation guide. If not I guess there are plenty of other web applications on the web, where it is the same.

You type in the database connection, username password and Wordpress automatically sets the database. And then you never have to type in those things again because WordPress saves it somewhere.

I thought of creating a text file with this data, but this seems too insecure, because everybody just could access this file. So how would I do this exactly?

The problem with sessions is of course, that it can be destroyed easily. So how could I realize this?

halfer
  • 19,824
  • 17
  • 99
  • 186
devShuba
  • 91
  • 3
  • 10
  • 1
    How is a text file any more insecure than other .php or config files on disk? – deceze Apr 28 '13 at 14:57
  • 2
    I believe WordPress puts it in a PHP file. Alternatively, you could, you know, store credentials outside of the public document root. – Ry- Apr 28 '13 at 14:57
  • 1
    [How to secure database passwords in PHP?](http://stackoverflow.com/questions/97984/how-to-secure-database-passwords-in-php) – Antony Apr 28 '13 at 14:59

1 Answers1

1

You store them into php file under a variable that can be included whenever it needed. This way users will not have access to its contents.

Example (secret.php)

<?php
  $secret = "123";

Even if user will navigate to secret.php he will not see its content since it's parsed by PHP

Also, this way you can store your passwords in plain-text format without worrying that someone might access them.

Community
  • 1
  • 1
Stan
  • 25,744
  • 53
  • 164
  • 242
  • Ok let's say this. I'm initializing the variable $secret by `$secret = ''` and then I just do this: `$secret = hashalgorithm($_POST['pw]])` and that way it is accessible forever? – devShuba Apr 28 '13 at 15:08
  • bad Idea, anyone who knows that the file exists could use that to maipulate the secret, also if you need the password in plain, the hash wont help. – My1 Feb 28 '17 at 11:27