php - a better approach than storing mysql password in plain text in config file?

Question

It's always bothered me that many PHP programs require the user to store the mysql password in plain text (in a string or constant) in a configuration file in the application's root.

Is there any better approach to this after all these years?

So far I have come up with two minimal security boosts:

1. make the file unreadable via the web using rules in .htaccess (in case php fails or there's a security vulnerability to read php source)

2. destroy the password in memory after the db connect is made (unset) (to prevent string dumps from a security breach, injection, etc.)

but of course neither of those solve the original problem.

Thanks for any other ideas!

Answer 1

Personally, I store sensitive information such as database connection details in a config.ini file outside of my web folder’s root. Then in my index.php I can do:

$config = parse_ini_file('../config.ini');

This means variables aren’t visible if your server accidentally starts outputting PHP scripts as plain text (which has happened before, infamously to Facebook); and only PHP scripts have access to the variables.

It’s also not reliant on .htaccess in which there’s no contingency if your .htaccess file is moved or destroyed.

Caveat, added 14 February 2017: I’ll now store configuration parameters like this as environment variables. I’ve not used the .ini file approach for some time now.