security - The right way to create a config.php -



security - The right way to create a config.php -

at moment placing config.php file in include folder on apache server, gives me easy access file, having write directory path. assume thought since secure , not reachable outside public root folder.

i never told how create config.php file improvised, seems may have been done wrong way.. (not secure now). began search tutorials on how build these config files right way, each , every tutorial had own way it.. did using arrays.. did defining configuration variables.. others using class.. there may not right way, want secure , functional scheme work, , don't care how advanced going be..

this current config file.. should see not secure in way, cause might able echo variables , read connection.

<? $main_host = 'db01.server.local'; // there may db02, db03 etc. $main_psw = '********'; $main_host_end = '.server.local'; // makes possible me connect different datastore knowing subdomain. // *** users *** // $w_user = 'w_user'; $xr_user = 'xr_user'; $r_user = 'r_user'; $w_server = 'w_server'; $w_db_admin = 'dbw_admin'; // *** databases *** // $db_accounts = 'accounts'; $db_server = 'server_setup'; // *** db accounts *** // seek { $w_accounts = new pdo("mysql:host=$main_host;dbname=$db_accounts", $w_user, $main_psw); $w_accounts->setattribute(pdo::attr_errmode, pdo::errmode_exception); } catch(pdoexception $e) { echo 'error: ' . $e->getmessage(); } seek { $r_accounts = new pdo("mysql:host=$main_host;dbname=$db_accounts", $r_user, $main_psw); $r_accounts->setattribute(pdo::attr_errmode, pdo::errmode_exception); } catch(pdoexception $e) { echo 'error: ' . $e->getmessage(); } // *** db server setup *** // seek { $w_server = new pdo("mysql:host=$main_host;dbname=$db_server", $w_user, $main_psw); $w_server->setattribute(pdo::attr_errmode, pdo::errmode_exception); } catch(pdoexception $e) { echo 'error: ' . $e->getmessage(); } seek { $r_server = new pdo("mysql:host=$main_host;dbname=$db_server", $r_user, $main_psw); $r_server->setattribute(pdo::attr_errmode, pdo::errmode_exception); } catch(pdoexception $e) { echo 'error: ' . $e->getmessage(); } ?>

so.. inquire question directly. right way create config.php file? hope other people find useful know.

edit should mension might not all.. may have farther connections make.. not accounts , server_setup

first, never ever echo exception messages in production, instead set them readable logfile.

if @ many mvc frameworks, php config files consist of array, returned @ end of file.

limiting access these config files can done via .htaccess "deny all"

php security include config

Comments

Post a Comment

Popular posts from this blog

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer -

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer - when trying request rest service @ time of response getting exception.. feb 21, 2013 2:34:49 pm com.sun.jersey.spi.container.containerresponse mapmappablecontainerexception severe: exception contained within mappablecontainerexception not mapped response, re-throwing http container java.lang.noclassdeffounderror: not initialize class net.sf.cglib.proxy.enhancer @ org.hibernate.proxy.pojo.cglib.cgliblazyinitializer.getproxyfactory(cgliblazyinitializer.java:117) @ org.hibernate.proxy.pojo.cglib.cglibproxyfactory.postinstantiate(cglibproxyfactory.java:43) @ org.hibernate.tuple.entity.pojoentitytuplizer.buildproxyfactory(pojoentitytuplizer.java:162) @ org.hibernate.tuple.entity.abstractentitytuplizer.<init>(abstractentitytuplizer.java:135) @ org.hibernate.tuple.entity.pojoentitytuplizer.<init>(pojoentitytuplizer.java:55) @ org.hibernate.tuple.e...
Read more

Accessing MATLAB's unicode strings from C -

Accessing MATLAB's unicode strings from C - how can access underlying unicode info of matlab strings through matlab engine or mex c interfaces? here's example. let's set unicode characters in utf-8 encoded file test.txt, read as fid=fopen('test.txt','r','l','utf-8'); s=fscanf(fid, '%s') in matlab. now if first feature('defaultcharacterset', 'utf-8') , c engevalstring(ep, "s") , output text file utf-8. proves matlab stores unicode internally. if mxarraytostring(enggetvariable(ep, "s")) , unicode2native(s, 'latin-1') give me in matlab: non-latin-1 characters replaced character code 26. need getting access underlying unicode info c string in unicode format (utf-8, utf-16, etc.), , preserving non-latin-1 characters. is possible? my platform os x, matlab r2012b. addendum: documentation explicitly states "[mxarraytostring()] supports multibyte encoded characters...
Read more

javascript - mongodb won't find my schema method in nested container -

javascript - mongodb won't find my schema method in nested container - i trying access method of schema stored within mixed container. here situation : have cases model can many different things, have schema each of these things stored in "casecontent" mixed property. var caseschema = mongoose.schema({ casecontent : {}, object : {type:string, default : "null"}, collision : {type : boolean, default : false} }); the casecontent property filled model of 1 of schemas, 1 exemple : var treeschema = new mongoose.schema({ applecount : {type : number, default : 3} }); treeschema.methods.dostuff = function (data) { console.log('hey, listen'); homecoming true; }; then, want utilize method of schema original container : caseschema.methods.dostuff = function (data) { if (this.casecontent.dostuff !== undefined) { this.casecontent.dostuff(); console.log('it worked'); } else { ...
Read more