0
php my Admin pw
Is it possible to hash the password for a my sql/php my admin database, so that the document is sending the hashed pw to the Databese and the Database decodes it? I think thats saver than writing the Password direktly inside the php document. Sadly my knowlege about my sql is to small to answer this question on my own. So thanks for every answer!
4 Answers
+ 2
Oh, different area. This is from memory so... critical thinking hats + I'm going to stop short due to SoloLearn context.
Hardcoding passwords in source files is not recommended because a configuration mistake (or github accident, etc) could deliver raw PHP (unprocessed source) to visitors.
One policy: keep credentials in an import directory. Then, accidentally delivering source code means the import never runs so you never send your credentials. Protect the import directory and files with strict operating system permissions (restrict to web processes) and prevent directory indexing so people can't just browse your imports. Set github excludes so they're never checked in, etc.
Comms:
PHP and db on same server: named pipes / sockets probably good enough. TCP/IP doesn't seem necessary but it's your stuff.
PHP and db different servers: Consider encrypting the channel unless you control the entire subnet + routers (Internet: encrypt)
Expansion on this topic ... may I suggest StackOverflow?
+ 2
You don't send the hash because (that's no different than just sending the password in the first place, and) servers should never trust client-side code/output -- you send the encrypted password. In general, the server applies the hashing algorithm + salt (never sharing the output with you), and if the provided password generates the correct hash it lets you in. By the way: the server shouldn't even be storing your password -- which is why many places when you lose your password...they can't help you.
I thought "php my admin" already has secure hashing built in if you go through the configuration files / pages... not 100% on this though.
+ 1
Thanks for your Answer. To build a connection from the php script to the Database you need to write:
$connect = mysqli_connect('host',"username","password","table");
In my ayes thats not verry save, like if the Password was "123" you will write:
$connect = mysqli_connect('host',"username","123","table");
Is there a other/saver way to comunicate the password?
0
Shud a robots.txt work instead of a .gitignore?