[nycphp-talk] Where to store credentials and/or keys
Chris Shiflett
shiflett at php.net
Mon Aug 14 14:36:19 EDT 2006
Aaron Fischer wrote:
> One issue is regarding where to store MySQL database credentials
[SNIP]
> One solution recommended is to store code such as database
> credentials in a folder that is outside of the document root
> on the web server.
I wouldn't call this a solution, since it doesn't address the shared
hosting concerns at all, but includes should be kept outside of document
root anyway. Document root is for public resources that require their
own URL.
> I now have security books from Shiflett
Check out Chapter 8. It's all about shared hosting and addresses this
particular problem. It's also covered in the PHP Cookbook.
If you own neither, I have an old article on my web site that explains
it briefly (near the end):
http://shiflett.org/articles/security-corner-mar2004
Hope that helps.
Chris
--
Chris Shiflett
Principal, OmniTI
http://omniti.com/
More information about the talk
mailing list