What is the best way to keep MySQL credentials private in PHP?

Updated: 2024-10-23 01:32:50

Problem description

When it comes to programming your web application in PHP, what is the most efficient way to prevent your MySQL information from being disclosed or discovered by another person (third party)? The information would include domain names and log in and passwords used in the connect functions.

For example, a good procedure might be keeping your MySQL connection functions in a separate PHP file, etc.

Any ideas?

Recommended answer

  • Keep your credentials in a separate .php file outside the document root (so it is not directly accessible over the web)
  • It is better to keep it a .php file instead of, say, .inc, so that even if it is accidentally accessible over the web, it will be executed and not displayed directly
  • Do not keep the username and password after you have established the connection (i.e., unset the vars or array keys holding the credentials after you don't need them anymore); you cannot accidentally expose what you don't have anymore
  • Do not allow repeated inclusion of the credentials file (e.g. if (defined('DB_AUTH_LOADED')) return; define('DB_AUTH_LOADED', 1); in your credentials file), in order to avoid any possible redefinition of your credentials vars

This should protect you from direct access to your credentials and from accidental leaks of the credentials by your own code. If attackers can upload PHP files to your server and manage to actually execute them, the fight is pretty much lost, but the above measures should keep you fairly safe from accidentally revealing your creds yourself.
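
The four points of the answer combined in one script, as an added example that is not part of the original answer. The directory, the file name db_auth.php, the $dbAuth array and all credential values are constructed for illustration, and PDO is assumed as the connection API.

```php
<?php
declare(strict_types=1);

// Constructed demo layout: $private stands in for a directory OUTSIDE the
// document root (e.g. /var/www/private beside /var/www/html); an assumption.
$private = sys_get_temp_dir() . '/private-demo';
if (!is_dir($private)) {
    mkdir($private, 0700);
}
$credFile = $private . '/db_auth.php';

// Contents of the credentials file. It is a .php file, so a web server that
// serves it by mistake executes it (empty output) instead of printing it.
file_put_contents($credFile, <<<'PHP'
<?php
if (defined('DB_AUTH_LOADED')) return;   // refuse repeated inclusion
define('DB_AUTH_LOADED', 1);
$dbAuth = [                               // constructed sample values
    'dsn'  => 'mysql:host=127.0.0.1;dbname=app',
    'user' => 'app_user',
    'pass' => 'example-only-password',
];
PHP);
chmod($credFile, 0600);

function db_connect(string $credFile): ?PDO
{
    require $credFile;                    // defines $dbAuth in this scope only
    if (!isset($dbAuth)) {
        throw new RuntimeException('credentials were already loaded once');
    }
    try {
        return new PDO($dbAuth['dsn'], $dbAuth['user'], $dbAuth['pass']);
    } catch (PDOException $e) {
        error_log('DB connection failed'); // do not log $e or the credentials
        return null;
    } finally {
        unset($dbAuth);                   // drop the credentials on every path
    }
}

$db = db_connect($credFile);
var_dump($db instanceof PDO);             // false when no MySQL server is reachable
var_dump(isset($dbAuth));                 // false: nothing reached the global scope
```

In a real deployment the credentials file is created by hand or by the deployment tooling, not written by the application; the script writes it only so the example runs on its own.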

Published: 2023-07-17 06:44:11
Article link: https://www.elefans.com/category/jswz/34/1130509.html