How to secure database passwords in PHP?

by

Several people misread this as a question about how to store passwords in a database. That is wrong. It is about how to store the password that lets you get to the database.

The usual solution is to move the password out of source-code into a configuration file. Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.

More Related Contents:

  1. Fastest hash for non-cryptographic uses?
  2. which is better every user have a table or just a row [closed]
  3. PDOException SQLSTATE[HY000] [2002] No such file or directory
  4. strange character encoding of stored data , old script is showing them fine new one doesn’t
  5. Full Secure Image Upload Script
  6. What does it mean to escape a string?
  7. PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
  8. How to loop through a mysql result set
  9. Are mysql_real_escape_string() and mysql_escape_string() sufficient for app security?
  10. Login without HTTPS, how to secure?
  11. Maximum execution time in phpMyadmin
  12. how safe are PDO prepared statements
  13. How can I relax PHP’s open_basedir restriction?
  14. How to run PHP exec() as root?
  15. Hiding true database object ID in url’s
  16. Mysql No connection could be made because the target machine actively refused it
  17. Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in
  18. Replacing mysql_* functions with PDO and prepared statements
  19. CodeIgniter – why use xss_clean
  20. phpmyadmin automatic logout time
  21. Dealing with timezones in PHP
  22. PHP and Microsoft Access database – Connection and CRUD
  23. Fatal error: Call to undefined function mysqli_result()
  24. Laravel nested relationships
  25. Why I am getting an error when using w3school tutorial? [duplicate]
  26. Codeigniter CSRF – how does it work
  27. Unique key generation
  28. Is it possible to execute PHP with extension file.php.jpg?
  29. Sanitize file path in PHP
  30. When to use filter_input()

Leave a Comment