First of all, I know that there is no such thing as a completely safe solution (and even If its usefulness can also be nonsense.)
He said, how do you protect your MySQL database by downloading your code and placing it by compromising someone? Depending on your experience with PHP, it is compulsory to store it at a point or at some other code, which sends flags to me, I can see where the variable, continuous and (user-defined) function names Refactoring can be beneficial to obscure, but in the end it can still detect through it and find the file with DB login information.
Thoughts
Usually MySQL authentication information is external MySQL user, which is used by the web-based configuration file, has no permissions like SELECT, INSERT, UPDATE, DELETE
and ALTER, DROP, DELETE
Has been given. If you want to issue codes to the public, you will not include your personal config file, but instead a general / instructional / minimum config file.
Storing MySQL auth information in an encrypted format is somewhat silly, as you need to store private key / unencrypted at the local level too. If the code or configuration files on your server are trivial to an unauthorized user, then there is no problem code - it is your server setup & amp; Config
No comments:
Post a Comment