security - How to protect passwords given inside PHP so people browsing the code will not see it -

-

i making php script people have purchase.

<?php     session_start();     $dbhost = "localhost";     $dbname = "planeub9_airmanagemembership";     $dbuser = "planeub9_malcolm";     $dbpass = "mypassword";      mysql_connect($dbhost, $dbuser, $dbpass) or die("mysql error: " . mysql_error());       mysql_select_db($dbname) or die("mysql error: " . mysql_error());   ?>

is there way db password can hidden plain view?

i start assuming release tarball or zipfile of software project, rather granting access whole git repository. this, can use git archive create release of project.

before this, need ensure configuration file not committed version control. if already, copy (for example copy "/config/base.php" "/config/base.php.example") , reset settings dummy values prior committing it. remove real config file version control whilst leaving physical file on disk.

to prevent file coming in git status uncommitted, add "/config/base.php" ".gitignore" file. prevent accidentally re-committing too. finally, add instructions in "readme" explain "base.php" needs created copy of "base.php.example".

now, if wish release whole repo and have committed configuration file, have 2 options. firstly, can take above advice removing repo now, , change database credentials. leave private details in repo, out-of-date , harmless.

or, can excise configuration file repo entirely using git rebase. causes problems if have pushed project other contributors, have pull fresh copy , re-apply pending changes. however, remove entirely history, unavoidable (and if let collaborators know going on, quite easy manage).


Comments

Post a Comment

Popular posts from this blog

python - Subclassed QStyledItemDelegate ignores Stylesheet -

-
i'm trying subclass qstyleditemdelegate remove focus rectangle in qcombobox . even though i'm calling base implementation of paint function , nothing else, result different. looks if parts of style-sheet influence bounding box of item taken consideration. class pstyleditemdelegate(qstyleditemdelegate): def __init__(self, *args, **kwds): super(pstyleditemdelegate, self).__init__(*args, **kwds) def paint(self, *args, **kwargs): qstyleditemdelegate.paint(*args, **kwargs) what have paint unmodified qstyleditemdelegate ? as suggested tried replacing pyside pyqt4 , works, appears bug. update pyside 1.1.2 1.2.1 result same. unfortunately switch breaks other parts of code, if there no other suggestions i'm going accept answer. edit bug tracked here
Read more

java - HttpClient 3.1 Connection pooling vs HttpClient 4.3.2 -

-
i have used httpclient3.1(java) connection pooling below : import org.apache.commons.httpclient.httpclient; import org.apache.commons.httpclient.multithreadedhttpconnectionmanager; import org.apache.commons.httpclient.params.httpclientparams; import org.apache.commons.httpclient.params.httpmethodparams; import org.apache.log4j.logger; public class httpclientmanager { private static logger logger = logger.getlogger(httpclientmanager.class); private static multithreadedhttpconnectionmanager connectionmanager = new multithreadedhttpconnectionmanager(); private static httpclientparams clientparams = new httpclientparams(); static { try { clientparams.makelenient(); clientparams.setauthenticationpreemptive(false); clientparams.setparameter(httpmethodparams.so_timeout, new integer(30000)); // set so_timeout clientparams.setparameter(httpmethodparams.head_body_check_timeout, new integer(3000)); // head responses
Read more

SQL: Divide the sum of values in one table with the count of rows in another -

-
is possible to, in single query, sum bunch of values in 1 table, , divide count of rows in another? there common id/key in both tables... fyi, win points least info provided in question. answer it's possible...here psuedo code since i'm guessing @ tables , columns select summing / counting whynot (select id, sum(whatever) summing where_ever ) inner join (select id, count(1) counting what_ever)b on a.id = b.id question = 'vague' group a.id
Read more