-3

Silly question, but I've only ever written databases in Xampp before so hacking was not an issue...

I want to connect to my database and display data from it on a webpage.

$username = "user";
$password = "password???";
$hostname = "host.name";

//db connection
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Can't connect");
echo "Connected to MySQL<br>";

I'm not too sure I want to advertise my database's password online; I'm guessing I can encrypt it with something (I only used md5 before, which I've now found is not an effective way to do this).

Can someone shine some light here? I've been searching for an hour and can't seem to find much.

jamclow
  • 7
  • 1
  • 2
  • 5
    Unless you have a security vulnerability, people cannot see your PHP source code. – Alexander O'Mara Jul 17 '15 at 14:48
  • 2
    And that account should have the most restrictive db permissions possible. – Alex K. Jul 17 '15 at 14:48
  • Don't use your stack overflow password and make sure database is not connectable from the outside. – Anonymous Jul 17 '15 at 14:53
  • Once a hacker should be able to access your code, the unauthorised database access will be your least problem. – Marcello Mönkemeyer Jul 17 '15 at 14:53
  • Define the password as a constant in a config file that's outside of the web tree (that way it's never accessible over HTTP even if you somehow crap out your web server config and end up with it not parsing PHP files)... and **don't** use a deprecated, out-of-support database extension like `mysql_*` : http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – CD001 Jul 17 '15 at 14:56

2 Answers2

1

You could use environment variables or just include a config/constants file to do this, then you can isolate your config settings from you're main source.

Environment Variables

http://php.net/manual/en/function.getenv.php

Config/Constrains

<?php
    // require 'constants.php'
    define("DB_USER", "user");
    define("DB_PASS", "password");
    define("DB_NAME", "database");

http://php.net/manual/en/function.define.php

I wouldn't encrypt your database values.

nathanmac
  • 455
  • 1
  • 6
  • 14
  • I don't really see the point in doing this. How're constants superior to variables in this context? – Marcello Mönkemeyer Jul 17 '15 at 15:03
  • Constants are available throughout your code - so if your database connection is inside a function/class then the constant will be available, a variable won't. Besides, your database connection strings **are** going to be constant unless you're connecting to multiple DB servers. @FoxRider – CD001 Jul 17 '15 at 15:05
  • Ideally you also want to put this *constants.php* file outside of the web tree (docroot). – CD001 Jul 17 '15 at 15:08
0

There's really absolutely no problem with storing the password in plain text, as the PHP code is not visible to the user. Unless there's a security vulnerability, in which case the unauthorised database access would be the least problem, you really don't need to bother.

However, I highly recommend to unset() variables with sensitive data after they aren't needed anymore. This eliminates the risk of potential information leak through, for example, insecure template rendering.

Marcello Mönkemeyer
  • 652
  • 5
  • 30
  • *the PHP code is not visible to the user. Unless there's a security vulnerability, in which case the unauthorised database access would be the least problem, you really don't need to bother.* - Oh, I dunno, I'd argue access to the database would be **far** worse than access to the source code. You can download the complete Magento source code perfectly fine but somehow I suspect shops running Magento *might* get a little upset if you were to access all their customer data. – CD001 Jul 17 '15 at 15:20
  • Correct me if I'm wrong, but I'd suppose once a hacker has access to the PHP code, he's far beyond the limited possibilities an unauthorised database access would provide. – Marcello Mönkemeyer Jul 17 '15 at 15:41
  • 1
    Depends on how the code was accessed - could be a server misconfiguration that's telling Apache to parse PHP as `text/plain` then the source code would be readable by just visiting the page... could be an exploit in the FTP server (hint, don't use FTP), that would be worse as it could potentially give the ability to chuck PHPMyAdmin on your server and they'd have the connection keys from your config file. Generally speaking, the only thing worth any money to an attacker on your site is your customer/user data - in the database. – CD001 Jul 17 '15 at 15:53