[nycphp-talk] Where to store credentials and/or keys
Dan Cech
dcech at phpwerx.net
Mon Aug 14 14:53:39 EDT 2006
Chris Shiflett wrote:
> Aaron Fischer wrote:
>> One issue is regarding where to store MySQL database credentials
>
> [SNIP]
>
>> One solution recommended is to store code such as database
>> credentials in a folder that is outside of the document root
>> on the web server.
>
> I wouldn't call this a solution, since it doesn't address the shared
> hosting concerns at all, but includes should be kept outside of document
> root anyway. Document root is for public resources that require their
> own URL.
>
>> I now have security books from Shiflett
>
> Check out Chapter 8. It's all about shared hosting and addresses this
> particular problem. It's also covered in the PHP Cookbook.
>
> If you own neither, I have an old article on my web site that explains
> it briefly (near the end):
>
> http://shiflett.org/articles/security-corner-mar2004
That is quite a neat trick, and definitely a good one to add to the bag.
Dan
>
> Hope that helps.
>
> Chris
>
More information about the talk
mailing list