Where it would be appropriate to locate the login and the password from the OBD in the PHP when writing API



  • Where would it be appropriate to locate the login and the password from the OBD in the PHP when writing API?

    I put login and password in:

    public_html ----|
                    |
                    |-API --- api.php
    

    And I'm afraid they'll steal it from there somehow. Where would it be right to have a password and a logic from the OBD?



  • If you have a server and php The interpreter,, the code will not make any mistakes and/or show the wrongs will be turned off.

    I, for example, follow this structure in my projects:

    /var/www/vhosts/site.ru/
                           - htdocs // веб директория
                               - index.php // один входной файл
                           - protected // не доступная из вне директория с кодом
                           - vendor // библиотеки
    

    UPD

    There are only two options that come to mind:

    1. If someone has access to the server.ftpssh etc.)
    2. If the server is bad and the interpreter falls down, it's possible to show php Like a browser text.

    Also, close remote access to the OBD. Local access only or authorized IP addresses. If you need to get involved remotely, you'll have to reach the top. ssh Tunel.


Log in to reply
 


Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2