php - How do I make my database connection secure?

Question

I'm currently working on a website for my church's college group, and am started to get a little worried about the security of what I'm writing. For instance, I use this function:

function dbConnect() 
  {
  global $dbcon;

  $dbInfo['server'] = "localhost";
  $dbInfo['database'] = "users";
  $dbInfo['username'] = "root";
  $dbInfo['password'] = "password";

  $con = "mysql:host=" . $dbInfo['server'] . "; dbname=" . $dbInfo['database'];
  $dbcon = new PDO($con, $dbInfo['username'], $dbInfo['password']);
  $dbcon->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  $error = $dbcon->errorInfo();

  if($error[0] != "") 
    {
    print "<p>DATABASE CONNECTION ERROR:</p>";
    print_r($error);
    }
  }

to connect to the database whenever I do a query of some sort. I always use the PDO prepared statements to prevent SQL injection from any user input, and I use htmlspecialchars to escape before outputting. My question is this: How do I protect my username and password for my database? I don't know if someone can view the source for my PHP files, but if they could, I can only imagine I would be hosed. What do I do?

Answer 1

Ok, this needs some clarification. Some have suggested that you put sensitive data outside the document root. This has some merit but is more placebo than anything else in practicality.

You have to consider potential sources of problems.

• Someone with shell access to the machine will compromise your database connection information regardless of where you put it. This can include both authorized users and those who exploit a vulnerability to get shell access (this has happened a lot);

• If PHP is disabled or the Web server is fooled into thinking it is then there is the possibility that PHP files are served in raw form. Putting them outside the document root will protect you against this;

• If someone somehow manages to write a PHP script to the document root, it's basically the same as someone having shell access so no measure will protect you.

Practically, if your Web server is compromised it is, the cases where your config files are outside the document root will protect you are fairly unlikely.

The main point of security with databases is to ensure that someone from the internet can't connect directly. This can be done with a firewall, binding the database to a private IP address or putting the database on a private server.