Joseph Saunders Joseph Saunders - 6 months ago 8
SQL Question

How To Make A .ini File Secure When Reading To It From PHP

I'm creating a website that uses php and mysql. I keep all my mysql access data in a ini file called "config.ini". This file needs to be secure so malicious users cannot get access to mysql access data. The problem occors when a php tries to access it as it access it as the user "www-data" which is not a root user is denies the request. If I then allow permission to "www-data" via the this command.

sudo chown -R root:www-data config.ini
sudo chmod -R g+s config.ini


Any user can view it by typing in the website address and /config.ini as apache accesses it through the same user, NOT SECURE.

PHP CODE

$conf = parse_ini_file('config.ini');
$conn = mysqli_connect($conf["host"], $conf["user"], $conf["password"], $conf["database"]);


Any suggestions welcome and in advance thank you.

FULL ANSWER

1)Place config.ini under a directory that is outside the webroot.

2)Create a group with "www-data" in it using this command.

sudo chown root:www-data config.ini


3) Give it access to read using this command.

sudo chmod 640 config.ini


4)Access it normally in php but use ../ to direct to the new location.

Answer

If you're concerned about malicious access, which of course is a good thing to be concerned about, make sure your .ini file is not in any directory that your web server is configured to serve from. That is, make absolutely sure this is outside the web-root of your site.

Secondly, you can usually configure your web server to refuse to serve .ini files. You'll also want to ensure that things like directory indexes are turned off so people can't poke around.

Comments