I'm creating a web application that will need utilization of a MySQL database from inside different scripts both in PHP and JavaScript. I am accustomed to the "standard" idea of hooking up towards the db mysql_connect("host", "username", "password") however i am wondering how you can keep these strings from spying eyes. My assumption is when a scripts contained the bond info, then that may then be employed to enter into the db itself and wreak havoc with user info along with other important data.

Any suggestions?

If you possess the needed permissons, attempt to save your valuable connection information in atmosphere variables, connect with them, then unset them.

I recall finding this in certain books an internet-based assets, but presently first couple of Google pages return nothing about this.

First, setup two atmosphere variables like PHP_MYSQL_USER and PHP_MYSQL_PWD outdoors PHP. Observe that you may want to restart your internet server, as well as your OS so as these to be active.

Then, in PHP:

mysql_connect('localhost', getenv('PHP_MYSQL_USER'), getenv('PHP_MYSQL_PWD'));
putenv('PHP_MYSQL_USER=');
putenv('PHP_MYSQL_PWD=');

putenv's are somewhat optional, should you include insecure 3rd party or user scripts etc in your body, by utilizing them you are making the env. variables not available for that relaxation from the execution.

Applying this approach, even when someone will get your hands on your script, they will not know your db qualifications. But bear in mind when anybody reaches upload a script/spend to your server, they still will have the ability to see these variables. You can preserve your upload sites in different places that PHP isn't executable, and/or with lower permisions. It is crucial that you simply look into the security of the uploads, with this mechanism as well as for every other server factor.

So that as a side note, please have a look at PHP PDO rather than using bad old mysql_connect(). Searching for countless causes of this.

If a person can access the origin code of the scripts to determine individuals passwords you're already in large trouble. Make certain individuals scripts possess the right file permissions and the like (ie. only readable by individuals that require it).