Php script database password problems if php has database operations, such as mysql, in the connection statement, can only, and can only enter the database password with a clear code? In this case, if you have the permission to view the script, do you know the database password? In that case, for example, banking systems, online shopping, and the security of their database connection scripts, are there any special points, and how to keep them confidential (, lock the server in the safe ?). I don't know if I am very white, but I don't know about the database password in the php script.
If php has database operations, such as mysql,
In the connection statement, can I only enter the database password with an explicit code? In this case, if you have the permission to view the script, do you know the database password?
In that case, for example, banking systems, online shopping, and the security of their database connection scripts, are there any special points, and how to keep them confidential (, lock the server in the safe ?).
I don't know if I am very white, but I don't know. Is there any implicit input method?
------ Solution --------------------
Yes. The problem is that he has the permission to view the script, so what permissions does he have?
In the banking system, most online shopping is performed using java... java, which is much more secure than php. In addition, the database is basically not mysql.
------ Solution --------------------
It is more secure to directly write the password in the configuration file. If the server permissions are safe enough, no one else can view your MYSQL password. Even if your source code is leaked, we can configure MYSQL to prevent external access through HTTP or SOCKET, which improves security. Try again. if you do not specify the MYSQL password, it is difficult to ask the user to enter the password for every data query? Is your password still called a password?
