问题描述:

In a web application that connects to a bunch of databases, what would be the safest way to store the database usernames and passwords? I can't hash them since i still have to use them to connect to the databases. Plain text doesn't really cut it since the databases could contain sensitive information. What would be the safest way to store them so they could still be used?

Thanks!

网友答案:

You can define those variables in a separate file and store them in a folder that's not web-accessible or make the file not web accessible and include it in your connection file.

i.e. Config File

If you using PHP

Credentials File

<?php 

define("database_username", "*****");

define("database_password", "*****");

define("database_server", "*****");

define("database_name", "*****");

?>

....................................................................................

Connection Script

   <?php 
    require ('../non-webaccessible-folder/credentials.php');

    class Databased {

    public static $connection;

    function __construct() {
        $this->connection = new mysqli(
                        database_server,
                        database_username,
                        database_password,
                        database_name
        );
    }

    public static function connect() {
        if (!isset(self::$connection)) {
            self::$connection = new mysqli(database_server, database_username, database_password, database_name);
        }
        return self::$connection;
    }

}

    ?>
网友答案:

There are solutions out there that offer some semblance of a solution to this problem, but in my opinion, a plaintext config file is perfectly acceptable. If an intruder has access to your filesystem, they can just grab the raw database files anyway.

相关阅读:
Top