What are the potential security risks of storing database access credentials in an unencrypted configuration file within the document root of a server?
Storing database access credentials in an unencrypted configuration file within the document root of a server poses a significant security risk as it exposes sensitive information to potential attackers. To mitigate this risk, it is recommended to store the credentials in a separate file outside of the document root and encrypt the file to prevent unauthorized access.
<?php
// Define database credentials
define('DB_HOST', 'localhost');
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_NAME', 'database');
// Encrypt the credentials file
$encryptedCredentials = base64_encode(encrypt('DB_HOST=localhost&DB_USER=username&DB_PASS=password&DB_NAME=database', 'encryption_key'));
file_put_contents('/path/to/encrypted_credentials.txt', $encryptedCredentials);
function encrypt($data, $key) {
return openssl_encrypt($data, 'AES-256-CBC', $key, 0, '1234567890123456');
}
?>
Keywords
Related Questions
- What are the recommended methods for securely storing and comparing passwords in PHP login systems?
- What are some best practices for securely managing user passwords in PHP applications, especially when storing them in text-based files?
- What are the advantages of using TIMESTAMP over date() function for storing dates in PHP?