On Tue, Nov 01, 2011 at 02:24:05PM +0100, Florian Müller wrote: > > Hi all > I got a little question about a good application design in PHP. > If I use a mysql connection for example, I have to store my mysql-password > somewhere in the code. If it's just in the mysql-class, that's not that good, > because if somebody changes the functionality, he'd see it. > I also can't store it in a text file. Until now, I just created a password > class where all the passwords are described and i can get them by a > get-function. > Where are passwords stored in the big applications? There has to be at least > one big masterpassword somewhere - how can I store it safely? How is this > problem solved in big systems in production?
I store things like this in a file above the document root - so not grabbable by URL. Don't store it in the code ... you then end up with the password stored in several places & then difficult to change. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php #include <std_disclaimer.h> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
