In PHP we can use files to store sensitive data, but those files must have certain levels of protection.
Let's take the example of a file that stores our database connection credentials.
To save this important information I have created a file db.php.ini
that contains the following:
<?php return; ?>
; credenciales
host=localhost
usuario=elusuariodeladb
clave="laclave"
dbnombre=elnombredeladb
This file applies several levels of security:
- It is in a folder outside of root or
public_html
, so it cannot be accessed through the browser - It's in a hidden folder
.credenciales
- It has this at the beginning
<?php return; ?>
so that if by any chance it is accessed by URL it will not display anything.
Reading that file, when connecting to the database, is done like this:
private function Connect()
{
/* Leer credenciales desde el archivo ini */
$this->credenciales = parse_ini_file(".credentials/db.php.ini");
$dsn = 'mysql:dbname=' . $this->credenciales["dbnombre"] .
';host=' . $this->credenciales["host"] . '';
$pwd = $this->credenciales["clave"];
$usr = $this->credenciales["usuario"];
// ... más código
}
The question
Are there other measures that could be taken to make this file more secure? What would those measures be?