0

We are using an external programmer to implement some code, simply to try and distribute the workload. This project is using online MySQL server, also when we are working on the local files. The MySQL login is stored in a php file. When i share the source code, I would prefer not to share the login information before i trust the external programmer. The site will not run properly without the database access.

What is the smartest way to link to the MySQL database?

So far, I tried uploading the config php file to a url and include that. I found that i could echo file_get_contents('$url'), but that did not do the job. The php.ini is set to allowing external url. I did not find any other relevant suggestions.

Any suggestions?

BR, Emil

Improve this question
17
  • 1
    Why not put the credentials into a seperate file which you don't share? Why not use techinques like dotenv? Commented Dec 21, 2020 at 13:49
  • 2
    🐘If you're just getting started with PHP and want to build applications, I'd strongly recommend looking at various development frameworks to see if you can find one that fits your style and needs. They come in various flavors from lightweight like Fat-Free Framework to far more comprehensive like Laravel. These give you concrete examples to work from and guidance on how to write your code and organize your project's files. Credential storage is a solved problem. Commented Dec 21, 2020 at 13:52
  • 1
    In general database credentials DO NOT EVER GO IN YOUR SOURCE CODE and should NEVER BE CHECKED INTO VERSION CONTROL. You must be vigilant about keeping separation between code and credentials. If you ever mix these together you put yourself at severe risk. An .ini or .env type file that's kept OUTSIDE OF THE WEB ROOT is absolutely a must. Commented Dec 21, 2020 at 13:53
  • 1
    "The php.ini is set to allowing external url." is a super bad idea. Remote code execution is extremely dangerous, and making it easy for people is to invite disaster. Commented Dec 21, 2020 at 13:55
  • 1
    Nothing wrong with getting started. What's important is you adhere to some basic principles here from the start. If you do this you'll have far less to worry about down the road. If you ignore it, you'll have a huge mess on your hands, and in many cases it'll be too late to clean up because you'll already have been attacked and everything's been stolen. This is like learning basic food safety practices or electrical wiring principles. There's a lot of things you just do not do to avoid risks. Commented Dec 21, 2020 at 14:00

1 Answer 1

Reset to default
1

If you are using some version control system (git for example) you shouldn't store logins, passwords, api keys and other sensitive information in your code repository. Files with credentials should be ignored (added to .gitignore).

In this case when you will share your code repository with remote developer, he will not have any information about your production db credentials. (He will use his own local instance of database with his personal credentials)

If you aren't use any version control system (what is not recommended) and share code via archive, for example, you can replace file with credentials with some placeholders and provide instructions for developer how to replace placeholders with his own local credentials.

In both situation very possible you will need to share also a db dump. It will be good if you will have some test db for this purposes.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hi Vladimir. Thanks for taking the time. I am using github for version control but the database is online so i was hoping for a simple method to share the credentials without him being able to actually see them, like pulling an external file from web. But it seems that is not an option - Or at least not a good one, from the comments above. I will rethink the strategy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.