Paul Hollands

« This is quite Star Trek.. | Main | RSS 1.0 job vacancies module »

July 01, 2005

Securing DB authentication credentials in PHP

I want to use Windows .ini style files for DB configuration settings in PHP. This is an approach I already use in Python.

Because these files are going to contain usernames and passwords I can't have them in the webserver file system as they would be visible to the web. However, if they aren't where the webserver can see them then PHP won't open them while running in safe mode.

My solution is to use a local .htaccess file with the following:

<Files ~ "\.ini$">
Order allow,deny
Deny from all
</Files>

Tags: PHP

Posted by pj at July 1, 2005 12:54 PM