Safe MySQL Password On Shared Hosting
Solution 1:
I'm not sure how this works really as I haven't tried it, but learned about it the other day so I thought I'd share.
With GoDaddy, you can point your primary domain name at a sub-directory, therefore creating a new document root before it, so to speak. This may not be the case for other hosts but worth checking.
For example, create a new directory called 'application' in your root directory, upload your application's files there and point your primary domain there (You may need to remove the domain name first and then add it again with the specified directory). You can then include files - your database credentials for example - from before your new document root, which is now not available to the public but available to your application.
NEW STRUCTURE
DB Credentials:
/home/www/html/someSite/dbCredentials.php
Your Website (where primary domain is now pointed):
/home/www/html/someSite/application/index.php
EXAMPLE:
In dbCredentials.php add your credentials:
<?php
$strHostName = “10.10.10.10”;
$strDbName = “dbname”;
$strUserName = “dbuser”;
$strPassword = “xxx***xxx”;
?>
On your web page, include the file and use variables as normal:
<?php
require_once ('/home/www/html/someSite/dbCredentials.php');
$db_found = new PDO("mysql:host=$strHostName..........);
?>
SOURCE:
If you try it, let me know how it goes.
Solution 2:
The password will be stored in your php files and therefore not accessible through a HTTP request even if those files are located under public_html file.
Being on a shared host expose you to the possibility that someone using the same hosting server might be able to get access to your files but I assume your hosting company did everything they have to do in order to restrict access to files intra-customers.
That said, you still need to protect your html files with a password, otherwise anyone would be able to gain access to your database information.
Post a Comment for "Safe MySQL Password On Shared Hosting"