如何在我的 php 脚本中隐藏我的 mySQL 登录信息?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6820176/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I hide my mySQL login info in my php script?
提问by Erik
I have a great php mySQL login script that works fine. Is ther another way to provide all my access info without revealing it in the script? Right now I show all my security access info which I think is not safe.
我有一个很棒的 php mySQL 登录脚本,可以正常工作。是否有另一种方法可以提供我的所有访问信息而不在脚本中显示它?现在,我显示了我认为不安全的所有安全访问信息。
Can I hide this?
我可以隐藏这个吗?
Here is what I'm referring to:
这是我所指的:
$host="localhost"; // Host name
$username="XXXXXXXXXX"; // Mysql username
$password="XXXXXXXXXX"; // Mysql password
$db_name="XXXXXXXXXXX"; // Database name
$tbl_name="XXXXXXXXXX"; // Table name
回答by Blake
Create database.php, move your code snippet above to database.php, then ..
创建database.php,将上面的代码片段移动到database.php,然后..
include "database.php";
At the top of each page that needs a database connection.
在需要数据库连接的每个页面的顶部。
回答by Viller
First step: Put all mysql api into separate file, than include it in other scripts.
第一步:将所有 mysql api 放入单独的文件中,然后将其包含在其他脚本中。
Second: Deny access to sql config\api file due configuring your server.
第二:由于配置您的服务器,拒绝访问 sql config\api 文件。
btw, whom do you show "show all my security access info"?
顺便说一句,你向谁展示“显示我所有的安全访问信息”?
回答by JK.
As long as php interpret your script before it's send to the client you're safe. If you have access to apache conf files you could try something like this.
只要 php 在将脚本发送到客户端之前对其进行解释,您就是安全的。如果您有权访问 apache conf 文件,您可以尝试这样的操作。
If you are going to include the file at the top of your script it's important that you give the file an extension that will be interpreted (.php) or prevent them from being served in the .htaccess file. Otherwise you might risk that the webserver serve it as text upon request.
如果您要在脚本的顶部包含该文件,请务必为该文件提供一个将被解释的扩展名 (.php) 或防止它们在 .htaccess 文件中提供。否则,您可能会冒着网络服务器根据请求将其作为文本提供的风险。
回答by Tom Walters
There is no easy way to do this, I would suggest storing the variables in a separate file and then just including the data. If you're not happy with others reading the data why not create a separate user specifically for the script? That's the way I'd do it.
没有简单的方法可以做到这一点,我建议将变量存储在一个单独的文件中,然后只包含数据。如果您对其他人阅读数据不满意,为什么不专门为脚本创建一个单独的用户?我就是这样做的。
回答by Kev
If you want to give that script away and ecrypt the whole file before, you can always use Zend Guard
如果您想放弃该脚本并在之前对整个文件进行 ecrypt,您可以随时使用 Zend Guard
回答by grep
It will have to be defined somewhere. I would make sure you have suPHPinstalled so you can set your permissions to 400. Then include the file which has your definitions, like connection.php etc. This is very secure as it allows the php files only to be read by the server / your account.
它必须在某处定义。我会确保您安装了suPHP,以便您可以将权限设置为 400。然后包含具有您定义的文件,如 connection.php 等。这是非常安全的,因为它允许 php 文件只能由服务器/您的帐户读取。
