Is it safe to keep database password and username in config database file in live site
#9

[eluser]Yorick Peterse[/eluser]
[quote author="Andrew Hull" date="1264188623"][quote author="Yorick Peterse" date="1264039609"][quote author="GnomBrother" date="1264007875"]Yes you can do so, by including in database.php as well as you have to include database defined constants in your every controller file which communicates with database. It could be a total mess and many includes just negatively affect site performance. Is it possible to move config folder outside the www folder, if yes, what are the best ways to implement this...[/quote]

No it's not. It's simply impossible to download a PHP file's source code unless you have access to the FTP server.[/quote]

... Except of course when the web server serves up the PHP content as text by mistake... either due to a bug or misconfiguration of the web server, or an exploit being used against the server. (See here for an example http://xforce.iss.net/xforce/xfdb/7735)

In other words, it's not "impossible", just highly unlikely, and therefore you should always assume it is possible, and take appropriate measures to avoid the rather obvious consequences.[/quote]

Highly, highly unlikely. Even a default configuration of Apache, Lighttpd or Nginx prevents PHP from being served as static text, unless you're configuring your server Rambo style.

If your server is configured properly it's perfectly safe to store passwords in .PHP files.
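
The failure mode debated in this thread (a server returning a PHP file as text instead of executing it) can be checked for after each deployment of your own site. The following is an added example, not code from any poster or from the framework: it classifies HTTP responses for `.php` URLs and flags raw source or CodeIgniter-style `$db[...]` credential lines. The sample responses, labels and the `classify`/`audit` names are constructed for illustration.

```python
import re

# Raw PHP open tags should never reach the client when the handler works.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)
# CodeIgniter-style settings, e.g. $db['default']['password'] = '...';
DB_SETTING = re.compile(
    rb"\$db\[['\"]\w+['\"]\]\[['\"](?:username|password)['\"]\]\s*=")
# MIME types that indicate the file was handed over instead of executed.
RAW_PHP_TYPES = {"application/x-httpd-php", "application/x-php", "text/x-php"}


def classify(status, content_type, body):
    """Return 'credential-leak', 'source-leak' or 'ok' for one response."""
    if status != 200:
        return "ok"  # denied or missing: nothing was disclosed
    if DB_SETTING.search(body):
        return "credential-leak"
    mime = content_type.split(";")[0].strip().lower()
    if mime in RAW_PHP_TYPES or PHP_TAG.search(body):
        return "source-leak"
    return "ok"


def audit(responses):
    """Map each labelled (status, content_type, body) tuple to a verdict."""
    return {label: classify(*resp) for label, resp in responses.items()}


# Constructed sample responses (no real server or credentials involved).
SAMPLES = {
    # Handler working: the config file runs and only its guard message shows.
    "handler-working": (200, "text/html; charset=UTF-8",
                        b"No direct script access allowed"),
    # Handler missing: the same file comes back as plain text.
    "handler-missing": (200, "text/plain",
                        b"<?php\n$db['default']['username'] = 'app';\n"
                        b"$db['default']['password'] = 'constructed-secret';\n"),
    # Another script served raw, without credentials in it.
    "other-script-raw": (200, "text/plain", b"<?php echo 'hello'; ?>"),
    # File offered as a download with a PHP MIME type.
    "served-as-download": (200, "application/x-httpd-php", b"\x00binary"),
    # Direct access blocked by the server.
    "access-denied": (403, "text/html", b"Forbidden"),
}

if __name__ == "__main__":
    for label, verdict in audit(SAMPLES).items():
        print(f"{label:20} {verdict}")
```

In practice the tuples would come from requests made against your own deployment; any verdict other than `ok` means the credentials should be rotated and the handler configuration fixed.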

