Another Dumb Question
This one is SUPER DUPER quick, I promise.
Is there a more secure way to have a web application/website/etc connect to a database without actually having all of the connection info hard-coded into a function in my class file?

    private function _db_connect()
    {
        $hostname = "hostname";
        $username = "username";
        $password = "password";
        return mysql_connect($hostname, $username, $password);
    } //end _db_connect()

That's, basically, the same function I use to connect to a mysql database in most of the small little applications I write (either for myself or for others), and in being handed the project to re-code my company's website from very very poorly written/hacked together ColdFusion to something with a bit more security in it, I'm trying to be mindful of the obvious things that I've gotten in the habit of doing that could be considered "unsecure".
So, do I have other options on this?
I know MySQL has encryption/decryption functions that I can use when accessing data, and I'm still researching that for other (nefarious *evil cackle*) purposes, but I know there's gotta be something better in PHP too than just keeping all my data unmentionables in a file that someone smarter than me could probably hack.
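
One common way to keep the connection details out of the class file, shown as an added example that is not part of the original post: read them from the process environment, or from a settings file stored outside the web root with restrictive permissions. Assumptions: the `DB_*` variable names and the `/etc/myapp/db.ini` path are hypothetical, the host uses POSIX file permissions, and `mysqli` stands in for the post's `mysql_connect()`, which was removed in PHP 7.

```php
<?php
// Added example, not the poster's code. The DB_* names and the INI path
// are hypothetical; adjust them to the deployment.

final class DbConfigError extends RuntimeException {}

function load_db_config(string $iniPath = '/etc/myapp/db.ini'): array
{
    $keys = ['DB_HOST', 'DB_USER', 'DB_PASS', 'DB_NAME'];
    $config = [];
    foreach ($keys as $key) {
        $value = getenv($key);
        if ($value !== false && $value !== '') {
            $config[$key] = $value;
        }
    }
    if (count($config) === count($keys)) {
        return $config; // every setting was supplied by the environment
    }
    // Fall back to a file kept outside the document root, so it can never be served.
    if (!is_file($iniPath) || !is_readable($iniPath)) {
        throw new DbConfigError('Database settings not found');
    }
    // Refuse a file that accounts other than its owner and group can access.
    if ((fileperms($iniPath) & 0007) !== 0) {
        throw new DbConfigError('Database settings file permissions are too open');
    }
    $ini = parse_ini_file($iniPath, false, INI_SCANNER_RAW) ?: [];
    foreach ($keys as $key) {
        if (!isset($ini[$key]) || $ini[$key] === '') {
            throw new DbConfigError("Missing setting: $key");
        }
        $config[$key] = (string) $ini[$key];
    }
    return $config;
}

function db_connect(): mysqli
{
    $c = load_db_config();
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        return new mysqli($c['DB_HOST'], $c['DB_USER'], $c['DB_PASS'], $c['DB_NAME']);
    } catch (mysqli_sql_exception $e) {
        // Keep the detail in the server log; the caller only sees a generic error.
        error_log('DB connect failed: ' . $e->getMessage());
        throw new DbConfigError('Database unavailable');
    }
}
```

The credentials still exist in plaintext somewhere the PHP process can read, so the gain is that they stay out of version control and out of any path the web server can serve; pairing this with a database account limited to the privileges the site needs reduces what a leaked password allows.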
