How to store database credentials in a typical PHP-based CMS build?

Posted on 2024-07-16 06:19:27

What's the best practice to store database credentials in a CMS? Now I declare them in my Database singleton class:

$this->credentials = array("hostname"=>"hostname", "username"=>"username","password"=>"password", "database"=>"database");

But it's not so intuitive to search where to change them and also I'm planning to make install file for cms later.

Where and how do you store your connection preferences?

Comments (3)

云仙小弟 2024-07-23 06:19:27

You can use a singleton class, as you mentioned, or something simpler.

In all my config.inc.php files I have a standard associative array

$config['Main_Database'] = '';
$config['db_user'] = '';
$config['db_pass'] = '';
$config['db_host'] = '';

The concept is the same and you're on the right track. Make it something that, as a human, makes sense to you. If someone has access to your server you're screwed anyway so it's not a big deal in terms of what is more secure.

As for the install file, I've seen many apps open the config file, adjust a few specific parts via the code and then actually re-write the file back to the server (rather than "store a setting"). It achieves the same result but done through a wizard as opposed to manually.

葬花如无物 2024-07-23 06:19:27

CakePHP uses a config file called database.php (in /app/config/), in which a DATABASE_CONFIG class is declared:

class DATABASE_CONFIG {

    var $default = array(
        'driver' => 'mysql',
        'persistent' => false,
        'host' => 'localhost',
        'login' => 'user',
        'password' => 'password',
        'database' => 'database_name',
        'prefix' => '',
    );

    var $test = array(
        'driver' => 'mysql',
        'persistent' => false,
        'host' => 'localhost',
        'login' => 'user',
        'password' => 'password',
        'database' => 'test_database_name',
        'prefix' => '',
    );
}

This creates a single place where the user can set all their database configurations while the intuitive directory structure makes it obvious where database configurations are stored. And you can also specify multiple configurations for production, development, and testing purposes, which are easy to switch between.

神仙妹妹 2024-07-23 06:19:27

As a general rule, I don't put credentials directly into the source code, but store them in configuration files. That makes it much easier to change them, for example when you are moving from your development machine to the test machine, which may (should) connect to a different database.

This configuration file should be stored somewhere outside the webroot directory.

You can also encrypt the password in some way, to have a little more security in case the config file does get compromised. On the other hand, if somebody gets physical access to your server, you're screwed anyway, so it may not be worth it.
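
The advice in the answers above (a config file kept outside the webroot and written by an installer) as an added PHP example; it is not code from any of the posters. The function names, the temporary directory layout and the sample credential values are assumptions, and the permission check assumes a POSIX file system.

```php
<?php
// Added example, not code from the thread. Function names and paths are assumptions;
// the array keys are the ones from the config.inc.php answer above.

// Installer step: write the credentials as a PHP file that returns an array.
function write_db_config(string $path, array $creds): void
{
    $body = "<?php\nreturn " . var_export($creds, true) . ";\n";
    $tmp  = $path . '.tmp';
    $old  = umask(0077);                 // new files are created owner-only (0600)
    $ok   = file_put_contents($tmp, $body, LOCK_EX);
    umask($old);
    if ($ok === false || !chmod($tmp, 0600) || !rename($tmp, $path)) {
        throw new RuntimeException("cannot write $path");
    }
}

// Runtime step: reject a config that is web-reachable or readable by other users.
function load_db_config(string $path, string $webroot): array
{
    $real = realpath($path);
    $root = realpath($webroot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or webroot not found');
    }
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file is inside the webroot');
    }
    if ((fileperms($real) & 0004) !== 0) {   // POSIX "other" read bit
        throw new RuntimeException('config file is world-readable');
    }
    $config = require $real;
    foreach (['db_host', 'db_user', 'db_pass', 'Main_Database'] as $key) {
        if (!is_array($config) || !array_key_exists($key, $config)) {
            throw new RuntimeException("missing config key: $key");
        }
    }
    return $config;
}

// Constructed demo: a throwaway tree standing in for a real deployment.
$base = sys_get_temp_dir() . '/cms_demo_' . bin2hex(random_bytes(4));
mkdir("$base/public", 0700, true);
mkdir("$base/config", 0700, true);
$creds = ['db_host' => 'localhost', 'db_user' => 'cms',
          'db_pass' => 'constructed-secret', 'Main_Database' => 'cms'];
write_db_config("$base/config/config.inc.php", $creds);
$cfg = load_db_config("$base/config/config.inc.php", "$base/public");
echo "loaded credentials for {$cfg['db_user']}@{$cfg['db_host']}\n";
```

Writing to a temporary file and renaming it means a request that arrives mid-install never loads a half-written config.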
