What are the potential security risks of storing usernames and passwords in a PHP script like config.php?

Storing usernames and passwords directly in a PHP script like config.php poses a security risk because if the file is accessible to unauthorized users, they can easily view and misuse the credentials. To mitigate this risk, it is recommended to store sensitive information like usernames and passwords in a separate configuration file outside of the web root directory. This way, even if someone gains access to the PHP files, they won't be able to directly access the sensitive information.

&lt;?php
// config.php
define(&#039;DB_HOST&#039;, &#039;localhost&#039;);
define(&#039;DB_USERNAME&#039;, &#039;your_username&#039;);
define(&#039;DB_PASSWORD&#039;, &#039;your_password&#039;);
define(&#039;DB_NAME&#039;, &#039;your_database&#039;);

Keywords

security risks storing usernames passwords PHP script config.php

What are the potential security risks of storing usernames and passwords in a PHP script like config.php?

Keywords

Related Questions