For questions about the PHP file tree, please explain.
PHP scripts that is used to connect to the database need access to the password for
That user. This can is done reasonably securely by putting the login and password in a
File called, for example, dbconnect.php, and then include when needed. This script
Can be carefully stored outside the Web document tree and made accessible
Appropriate user.
I am learning Web programming, read PHP and MySQL Web development, I would like to ask this sentence how to understand.
This script can is carefully stored outside the Web document tree and made accessible only the appropriate user.
Do not put the script under the file tree, then upload to the virtual space, how to access the script?
PHP Tree Web Development
------Solution--------------------
When needed, the full path contains,
Security-related reasons.
------Solution--------------------
Citation:
My understanding is this:
My Web files are all placed under the MyWeb folder, in order to secure the data, I put all the database files under the MySQL folder.
So this myweb is the Web file tree?
But upload the time is not to put this two folders are uploaded, then others have not been able to access my database files
The number of files that are required to run all sites except sensitive files.
This sensitive file includes the user name and password to connect to the database.
MySQL folder is a database level, this can be imported and exported to complete the initialization of data and backup operations, not within the scope of this discussion.
------Solution--------------------
First of all, this sentence is to give the server control of the proposal-put to the site directory, with absolute path to introduce
This is primarily to prevent accidental situations where anonymous visitors can see the PHP source code, such as a sudden problem with PHP parsing, the original PHP file shows
Or forget to add fault tolerance and hide error messages, the PHP file name of the connection database exposes
Virtual space database generally do not allow external access, only local 127.0.0.1 connection, so the password leaked in a short period of time or not to worry about, as soon as possible to change the password on the line
As for hacking, it's not something that can be solved here.
------Solution--------------------
Safety is relative.
Although dbconnect.php this contains the password but also to enter the file system to see
If an intruder is able to enter the file system of a virtual space, what is he not allowed to do? Even if your dbconnect.php is not in the web jurisdiction, you can still see it. What's more, there's a copy in the database?
------Solution--------------------
If your password is assigned to a PHP statement, not a txt or INI, so that the HTTP connection is not visible, only PHP parsing error will be displayed
Because the virtual space is usually limited only to the local database connection, so the outside know that the password is not connected, a short period of time to change the password as soon as possible
Virtual space to do some related things, such as more fault tolerance, one-click Closed Station and so on