Joe
I am writing a PHP script that connects to the DB to manipulate data. And it has to be a daily task done automatically (cron job). I was wondering if it is safe to write sensitive info (username, password) inside the script. How easily can an intruder get access to this script?
And in case it isn't safe, what are the best practices to be implemented, since, obviously, having the admin input the password every day manually is not an option.
Thanks
Kassem
create a config.php file in which you write all the login information and then require_once() this config file. That's safe enough I guess... If there is going to be any users using the database then make sure you clean everything being inserted to the database before executing the query... just my 2 cents :)
samer
Make sure to set the correct permissions are set on the config file. You wouldn't want to give your group read access (unless Apache runs under a different user, you would have to create an exception).
nuclearcat
use TLS
LB1938
This all depends on how well you've configured your server in terms of security in the first place. Yet I'd simply suggest you stay on the safe side and just _don't_ store such data in clear-text.