For more information about the php file tree, see. PHP & nbsp; scripts & nbsp; that & nbsp; are & nbsp; used & nbsp; to & nbsp; connect & nbsp; to & nbsp; the & nbsp; database & nbsp; need & nbsp; access & nbsp; to & nbsp.
PHP scripts that are used to connect to the database need access to the password
That user. This can be done reasonably securely by putting the login and password in
File called, for example, dbconnect. php, that you then include when needed. This script
Can be carefully stored outside the web document tree and made accessible only to
Appropriate user.
I am a beginner in Web programming. I am reading PHP and MySQL Web Development. I would like to ask how to understand this sentence.
This script can be carefully stored outside the web document tree and made accessible only to the appropriate user.
If you do not place the script under the file tree, how can you access the script after uploading it to a virtual space?
Php tree web development
------ Solution --------------------
Full path inclusion when needed,
Security reasons.
------ Solution --------------------
Reference:
My understanding is as follows:
My webpage files are all placed under the MyWeb folder. for data security, I put all the database files under the MySQL folder.
So this MyWeb is the webpage file tree?
However, the two folders are not uploaded during the upload process, so there is no way for others to access my database files.
The number of files.
This sensitive file includes the username and password used to connect to the database.
The MYSQL folder is at the database level. this can be imported and exported to complete data initialization and backup operations, which are not covered in this discussion.
------ Solution --------------------
First, this sentence is a suggestion for a server with control-put it outside the website directory and use an absolute path to introduce
This is mainly to prevent anonymous visitors from seeing the php source code in unexpected situations. for example, the php parsing suddenly fails, and the php file's original text displays
Or forget to add error tolerance and hide error information. the php file name connecting to the database is exposed.
Generally, databases in virtual space do not allow external access and can only connect to the local database 127.0.0.1. Therefore, you do not need to worry about password leakage for a short period of time. just change the password as soon as possible.
As for hacker behavior, this is not what we can solve here.
------ Solution --------------------
Security is relative
Although dbconnect. php contains a password, it must be accessed to the file system.
If an intruder can access a file system in a virtual space, what can he do. Even if your dbconnect. php is not under the web jurisdiction, isn't it the same. What's more, is there a copy in the database?
------ Solution --------------------
If your password is assigned a value using a php statement instead of a txt or ini, it cannot be seen through the http connection. it is displayed only when a php parsing error occurs.
Because the virtual space usually limits the ability to connect only the local machine to the database, the password cannot be connected outside, and the password can be changed as soon as possible.
The virtual space should handle some related matters, such as more fault tolerance and one-click website closure.
