dongtong2021 2017-11-02 14:08

PHP: Is storing sensitive information in an .ini file a good or a bad approach?

I'm confused about something and need some explanations.

In my practice I normally see that 90% of PHP developers store all sensitive information, like database connections, FTP, SMTP setup etc., inside some variable, array, object or constant.

I wonder now, is it better to use some ini file outside of the root and store it there? Or is it better to hide the .ini file somewhere and deny access via .htaccess?

Generally, I want to save that sensitive data in the most secure way.

2 answers

  • douan0729 2017-11-02 14:19

    There is no perfectly safe choice, but some are better than others.

    Don't save sensitive information in your project's source code -- you don't want your passwords and API keys on github.

    Saving sensitive information in a database is fine, but then you still need somewhere to store the database credentials, and you're right back where you started.

    You can save sensitive information in environment variables. These would usually be set up in your web server's configuration file(s).

    Saving sensitive information in an ini file is fine, provided the following:

    • The file has the minimal permissions required.
    • The file is completely outside the web server's document root and thus can't ever be served directly. Don't put the file in your main directory and then use .htaccess to deny access to it.
    • The file is not committed to source control. If you're using git, edit your .gitignore so that the file is ignored.

    These should also go without saying:

    • The user account running the web server process should never have write permission to the files it's serving.
    • Other non-privileged users on the machine running the web server process should not have read access to the files it's serving.
    This answer was selected by the asker as the best answer.
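As an added example (not part of the original answer), one way to enforce the ini-file conditions listed above at load time in PHP. The function name `load_secret_ini`, the temp-file demo and the ini keys are assumptions, and the permission checks assume a POSIX filesystem.

```php
<?php
declare(strict_types=1);

// Added example: function name, paths and ini keys are hypothetical.
// Permission checks assume a POSIX filesystem.
function load_secret_ini(string $iniPath, string $docRoot): array
{
    $real = realpath($iniPath);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException('secrets file not found');
    }
    // Must be outside the document root so it can never be served.
    // ($docRoot is empty under the CLI; realpath('') would mean the cwd.)
    if ($docRoot !== '' && ($root = realpath($docRoot)) !== false) {
        $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $root, strlen($root)) === 0) {
            throw new RuntimeException('secrets file is inside the document root');
        }
    }
    // Minimal permissions: nothing for "other", no group write
    // (e.g. 0640 root:www-data, or 0400, pass this step).
    $mode = fileperms($real);
    if ($mode === false || ($mode & 0027) !== 0) {
        throw new RuntimeException('secrets file permissions are too broad');
    }
    // The account running PHP should only need to read the file.
    if (is_writable($real)) {
        throw new RuntimeException('secrets file is writable by this process');
    }
    // RAW mode keeps passwords containing ini-special characters intact.
    $cfg = parse_ini_file($real, true, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('secrets file could not be parsed');
    }
    return $cfg;
}

// Demo with a constructed file in the temp directory (values are fake).
$path = tempnam(sys_get_temp_dir(), 'sec');
file_put_contents($path, "[database]\nuser = app\npassword = example-only\n");
chmod($path, 0400); // read-only for the owner
try {
    $cfg = load_secret_ini($path, $_SERVER['DOCUMENT_ROOT'] ?? '');
    echo 'Loaded sections: ', implode(', ', array_keys($cfg)), PHP_EOL;
} catch (RuntimeException $e) {
    echo 'Refused: ', $e->getMessage(), PHP_EOL; // e.g. when run as root
} finally {
    unlink($path);
}
```

Failing closed at load time turns a misplaced or over-permissive secrets file into a visible deployment error instead of a silent exposure.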
