比在配置文件中以纯文本形式存储 mysql 密码更好的方法?


许多 PHP 程序要求用户将 mysql 密码以纯文本形式(以字符串或常量形式)存储在应用程序根目录的配置文件中,这让我一直困扰.

It's always bothered me that many PHP programs require the user to store the mysql password in plain text (in a string or constant) in a configuration file in the application's root.


Is there any better approach to this after all these years?


So far I have come up with two minimal security boosts:

  1. 使用 .htaccess 中的规则使文件无法通过网络读取(以防php失败或者读取php源码存在安全漏洞)

  1. make the file unreadable via the web using rules in .htaccess (in case php fails or there's a security vulnerability to read php source)


destroy the password in memory after the db connect is made (unset) (to prevent string dumps from a security breach, injection, etc.)


but of course neither of those solve the original problem.


Thanks for any other ideas!


Since your code will need the password there is no perfect security. But you can make it hard to recover.

我在我的网络配置中加入了一些哈希值,作为环境变量,比如 MYSQL_PASS_HASH

I put some hash in my web config, as an environment variable, say MYSQL_PASS_HASH

然后我做一些类似 md5(getenv('MYSQL_PASS_HASH').'gibberish$qwefsdf') 的事情,然后就是密码.当然,如果你是偏执狂,你应该在此之后unsetenv.

Then I do something like md5(getenv('MYSQL_PASS_HASH').'gibberish$qwefsdf') which is then the password. Of course you should unsetenv after that if you're paranoid.


Your password will not literally be stored somewhere, and it can be recovered only when someone has both you web config and your database include.

这发生在 webroot 之外的文件中(不要把你所有的信任都放在 .htaccess 上).

This happens in a file outside of the webroot (don't put all your trust in .htaccess).