
How can I protect a mySQL connection string in PHP?

I know the rule: never hardcode your password, and I've seen this question here which explains what to do with Java and mySQL, but I don't know what to do for PHP and mySQL.

The current connection string is made like this

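<?PHP

$DBName = "dbName";
$Host = "localhost";
$User = "dbUser";
$Password = "Yikes_hardcoded_PW";

// mysqli_connect() accepts the database name as its fourth argument;
// the removed mysql_connect() did not.
$Link = mysqli_connect( $Host , $User , $Password , $DBName);

if (!$Link) {
    die('Could not connect: ' . mysqli_connect_error());
}

?>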
But I need to have the password secured, i.e. not hardcoded in this file. How do I do it?

EDIT: For all the downvotes I am getting on this, I still have not received a reply to the question, which is about a genuine security concern - hardcoded passwords. It is not helpful to downvote a genuine question without posting either a comment or an answer that fulfils the question.

T9b asked Jan 31 '12 10:01



1 Answer

Store your configuration in another file.

<?php
// Configuration file, kept out of version control
$DBName = "dbName";
$Host = "localhost";
$User = "dbUser";
$Password = "Yikes_hardcoded_PW";

Set up git ignore for this configuration file.

Oyeme answered Nov 14 '22 23:11
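
One way to apply the answer's separate, git-ignored configuration file, as an added example that is not code from the question or the answer. It goes a step further than the answer by also refusing a config file that sits inside the web root or is accessible to other local users; the paths, the file name `db.php` and the function names are hypothetical.

```php
<?php
// Added example (not from the question or the answer). Assumed, hypothetical layout:
//   /srv/app/config/db.php    listed in .gitignore, outside the web root, chmod 640
//   /srv/app/public/          web root
// db.php holds only: return ['host' => ..., 'user' => ..., 'password' => ..., 'name' => ...];

function loadDbConfig(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false) {
        throw new RuntimeException('Database config file not found');
    }
    // Refuse a config file the web server could hand out as a static file.
    $root = realpath($docRoot);
    if ($root !== false && strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Database config must live outside the web root');
    }
    // Refuse files readable or writable by "other" users (POSIX permission bits).
    if ((fileperms($real) & 0007) !== 0) {
        throw new RuntimeException('Database config permissions are too open');
    }
    $config = require $real;
    foreach (['host', 'user', 'password', 'name'] as $key) {
        if (!is_array($config) || !isset($config[$key])) {
            throw new RuntimeException("Database config is missing '$key'");
        }
    }
    return $config;
}

function connectDb(array $config): mysqli
{
    mysqli_report(MYSQLI_REPORT_OFF); // return false on failure instead of throwing
    $link = @mysqli_connect($config['host'], $config['user'], $config['password'], $config['name']);
    if (!$link) {
        // Keep the detail in the server log; the client gets a generic message.
        error_log('DB connect failed: ' . mysqli_connect_error());
        throw new RuntimeException('Could not connect to the database');
    }
    return $link;
}

// Demo on a constructed config file with placeholder values (no database needed).
$tmp = tempnam(sys_get_temp_dir(), 'dbcfg');
file_put_contents($tmp, "<?php return ['host'=>'localhost','user'=>'dbUser','password'=>'placeholder','name'=>'dbName'];");
chmod($tmp, 0600);
$config = loadDbConfig($tmp, __DIR__ . '/public');
echo 'Loaded keys: ' . implode(', ', array_keys($config)) . PHP_EOL;
unlink($tmp);
// In the application: $link = connectDb(loadDbConfig('/srv/app/config/db.php', $_SERVER['DOCUMENT_ROOT']));
```

The password is still stored in plain text on the server; what this changes is that it stays out of the repository, out of the served directory and out of error output sent to the browser.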