Where it would be appropriate to locate the login and the password from the OBD in the PHP when writing API

emran

Where would it be appropriate to locate the login and the password from the OBD in the PHP when writing API?

I put login and password in:

public_html ----|
                |
                |-API --- api.php

And I'm afraid they'll steal it from there somehow. Where would it be right to have a password and a logic from the OBD?

guilherme

If you have a server and php The interpreter,, the code will not make any mistakes and/or show the wrongs will be turned off.

I, for example, follow this structure in my projects:

/var/www/vhosts/site.ru/
                       - htdocs // веб директория
                           - index.php // один входной файл
                       - protected // не доступная из вне директория с кодом
                       - vendor // библиотеки

UPD

There are only two options that come to mind:

1. If someone has access to the server.ftp♪ ssh etc.)
2. If the server is bad and the interpreter falls down, it's possible to show php Like a browser text.

Also, close remote access to the OBD. Local access only or authorized IP addresses. If you need to get involved remotely, you'll have to reach the top. ssh Tunel.