My dear fellow programmers!
I would like the programmers here to take an interest in this topic, with each person contributing a trick from their own programming, or from the way they deal with different servers, with security in mind.
I saw an article on php.net and wanted to repost it here. I am also waiting for the designers to bring us their tricks for programming and design, and the ways they deal with servers, to achieve the highest level of security.
With that, please accept my regards.
The best way to store Database Passwords and other private information is to store it in a file -OUTSIDE- of the Document Root, and then include() or require() it from that location. PHP's include() and require() do not require the files they are attempting to read to be in the document path. However, for the Web Server to serve up a regular text/html document, it must be in the Document Path. This prevents anyone from intentionally or accidentally reading your PHP source if the extension is not handled by your Web Server.
It does, however, require that whatever user the PHP Web Server is running as has read access to that directory/file. For added security, I suggest setting the permissions on the file to 700 and the user to whatever the Web Server is running as. This way only the web server itself can read this file, and no one else on the server can read it.
For example, if your Document Path is /home/username/htdocs, create a directory called /home/username/private. Copy all of your files holding Database Passwords or anything you'd rather not have users stumbling upon into the private directory. Then on the directory and the files inside, set the bits to 700, and chown it to your Web Server's user.
Then use
require("/home/username/private/config.php");
instead of
require("/home/username/htdocs/config.php");
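
A shell check for the layout described in the quoted note, added here as an example and not part of the php.net text: it confirms that a config file sits outside the document root (with symlinks resolved) and that group and other have no access to the file or its directory. The function names and return codes are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit where a PHP config file lives and who can read it.
# Usage: check_private_config DOCROOT CONFIG_FILE
# Returns: 0 = OK, 1 = file is inside the document root,
#          2 = group/other have access, 3 = path missing or unreadable.

# Resolve a directory to its physical path so a symlink cannot hide
# the fact that the file really lives under the document root.
resolve_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

check_private_config() {
    docroot=$(resolve_dir "$1") || return 3
    [ -f "$2" ] || return 3
    cfgdir=$(resolve_dir "$(dirname "$2")") || return 3

    # A config under the document root can be served as plain text if
    # the web server stops handling the .php extension.
    case "$cfgdir/" in
        "$docroot"/*) return 1 ;;
    esac

    # Group and other must have no permission bits set on the file or
    # on its directory (700 in the note above; 600 also passes).
    for p in "$2" "$cfgdir"; do
        mode=$(stat -c '%a' "$p") || return 3   # assumption: GNU stat
        [ $(( 0$mode & 077 )) -eq 0 ] || return 2
    done
    return 0
}

# When run as a script with two arguments, report the result.
if [ "$#" -eq 2 ]; then
    check_private_config "$1" "$2" && echo "OK" || echo "FAIL (code $?)"
fi
```

For the paths in the post, the call would be `check_private_config /home/username/htdocs /home/username/private/config.php`. Ownership by the web server's user is not checked here, since that user name differs per system.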