Since your code will need the password there is no perfect security. But you can make it hard to recover.

由于您的代码需要密码，因此没有完美的安全性。但是你可以让它难以恢复。

I put some hash in my web config, as an environment variable, say MYSQL_PASS_HASH

我在我的网络配置中放了一些哈希，作为环境变量，说 MYSQL_PASS_HASH

Then I do something like md5(getenv('MYSQL_PASS_HASH').'gibberish$qwefsdf')which is then the password. Of course you should unsetenvafter that if you're paranoid.

然后我做一些类似的事情md5(getenv('MYSQL_PASS_HASH').'gibberish$qwefsdf')，然后是密码。当然unsetenv，如果你偏执，你应该在那之后。

Your password will not literally be stored somewhere, and it can be recovered only when someone has both you web config andyour database include.

您的密码不会按字面意思存储在某处，只有当有人同时拥有您的网络配置和您的数据库时才能恢复它。

This happens in a file outside of the webroot (don't put all your trust in .htaccess).

这发生在 webroot 之外的文件中（不要完全信任.htaccess）。

Personally, I store sensitive information such as database connection details in a config.inifile outside of my web folder's root. Then in my index.phpI can do:

就个人而言，我将敏感信息（例如数据库连接详细信息）存储在Web 文件夹根目录之外的config.ini文件中。然后在我的index.php我可以这样做：

$config = parse_ini_file('../config.ini');

This means variables aren't visible if your server accidentally starts outputting PHP scripts as plain text (which has happened before, infamously to Facebook); and only PHP scripts have access to the variables.

这意味着如果您的服务器意外地开始将 PHP 脚本输出为纯文本（这在 Facebook 之前曾发生过），变量将不可见；并且只有 PHP 脚本可以访问这些变量。

It's also not reliant on .htaccessin which there's no contingency if your .htaccessfile is moved or destroyed.

它也不依赖于.htaccess，如果您的.htaccess文件被移动或破坏，则不会出现意外情况。

Caveat, added 14 February 2017: I'll now store configuration parameters like this as environment variables. I've not used the .inifile approach for some time now.

警告，2017 年 2 月 14 日添加：我现在将这样的配置参数存储为环境变量。我已经有一段时间没有使用.ini文件方法了。

Keeping your config files outside of your document root is a popular way of improving the security of config files.

将配置文件保存在文档根目录之外是提高配置文件安全性的一种流行方法。

Certainly you should never store a password in a plain text file within the document root. What further steps you take to secure it will depend on the level of access you have to configure your webserver.

当然，您永远不应该将密码存储在文档根目录中的纯文本文件中。您为保护它采取的进一步措施将取决于您配置网络服务器所需的访问级别。

You could define the password in php.ini (or via the ini setting in the Apache config or .htaccess). Or set it in the environment when you start up your webserver.

您可以在 php.ini 中定义密码（或通过 Apache 配置或 .htaccess 中的 ini 设置）。或者在您启动网络服务器时在环境中设置它。

There's no point in just encrypting the password - that means you need to store a decryption key - unless you use the user supplied password with quorum authentication to decrypt the password (but this prevents non-authenticated sessions from accessing the db, and gets messy when you need to add new users to the quorum).

仅仅加密密码是没有意义的——这意味着你需要存储一个解密密钥——除非你使用用户提供的带有法定身份验证的密码来解密密码（但这会阻止未经身份验证的会话访问数据库，并且在您需要将新用户添加到法定人数）。

If its a cheap hosting package and you have no accessible storage outside the document root then storing the password in a php include file within should prevent it being exposed (file will be parsed by php intead of downloaded). Alternately simply naming the file with a '.ht' at the beginning may prevent remote access.

如果它是一个廉价的托管包，并且您在文档根目录之外没有可访问的存储空间，那么将密码存储在 php 包含文件中应该可以防止它被暴露（文件将由 php 解析而不是下载）。或者，简单地以“.ht”开头命名文件可能会阻止远程访问。

Note your second option is somewhat redundant - if someone can do that much damage to your code then they don't need to extract the password from the running code.

请注意，您的第二个选项有些多余 - 如果有人可以对您的代码造成如此大的破坏，那么他们就不需要从正在运行的代码中提取密码。

Really there's no solution to the problem.

真的没有办法解决问题。

C.

C。

Besides storing this sensitive data properly, you should also create a separate MySQL userthat has only the required privileges and restrict the accessto the database/tables/views it needs to have access to. And since the database server is often run on the same machine as the web server, do also restrict the access to local accesses. So don't use the user with root privileges if it just needs to read data from a single database/table.

除了正确存储这些敏感数据之外，您还应该创建一个单独的 MySQL 用户，该用户仅具有所需的权限，并限制对其需要访问的数据库/表/视图的访问。并且由于数据库服务器通常与 Web 服务器运行在同一台机器上，因此也要限制对本地访问的访问。因此，如果只需要从单个数据库/表中读取数据，请不要使用具有 root 权限的用户。

If you're willing to trade off availability for file security, you could take the password out of the config file and require an administrator to type it in when booting and store it in a global variable.

如果您愿意为了文件安全而牺牲可用性，您可以从配置文件中取出密码，并要求管理员在启动时输入密码并将其存储在全局变量中。

You still have to make sure you're safe from injection attacks that could dump that variable out, and of course you have a manual step in the (re)boot process.

您仍然必须确保您免受可能会将该变量转储出去的注入攻击，当然，您在（重新）启动过程中有一个手动步骤。

It does not have to be in the webroot. You can move the file outside of the webroot and call it that way. This will just mean the file cannot be called directly from the web.

它不必在 webroot 中。您可以将文件移到 webroot 之外并以这种方式调用它。这仅意味着无法直接从 Web 调用该文件。

If your code has security flaws in it, such as including stuff without filtering from GET data, then that file is still at risk. The real key is making sure your application is secure as well.

如果您的代码存在安全漏洞，例如包含未从 GET 数据过滤的内容，那么该文件仍然存在风险。真正的关键是确保您的应用程序也是安全的。