Config.ini is the best place to store database credentials

Question

my question is that the in PHP language config.ini file is the best place to store database credentials?

I have used config.php file so for to store my database credentials.

<?php 
$config = [
    // Database informations
    "database" => [
        "databaseName" => "learning",
        "userName"     => "root",
        "host"         => "localhost",
        "password"     => ""
    ]

No, its not. The best place is in a hidden env file. The vlucas/phpdotenv is a great for this. You can use this as a reference on how to do this: komalbarun/gohybrid — Rambarun Komaljeet, Nov 03 '19 at 10:10

score 1 · Answer 1 · answered Nov 03 '19 at 11:18

1

It`s good, but not the best. You must to put your database(or other security configs) to .env or .ini file and hide it. for example move file to outside of the web root, so that you can be sure no one can access the file by navigating directly to it.

And I suggest to read how to secure database passwords

More importantly things you should know is never show or access to change config file with php or other editors, just edit it directly.

answered Nov 03 '19 at 11:18

ttrasn

4,322
4
26
43

Thanks, ttrasn got it. – shakil khan Nov 04 '19 at 16:35
@shakilkhan your welcome, please accept this answer – ttrasn Nov 04 '19 at 17:24

Config.ini is the best place to store database credentials

1 Answers1