I have recently done security audit of my website coded in php. Security audit report has suggested not save hard-coded credentials in config file on web hosting.
How can i store it at some other place for protecting it
Protecting config file of web hosting
240 Views Asked by syed mujadid At
1
There are 1 best solutions below
Related Questions in PHP
- How to add the dynamic new rows from my registration form in my database?
- Issue in payment form gateway
- How to create a facet for WP gridbuilder that displays both parent and child custom fields?
- Function in anonymous Laravel Blade component
- How to change woocomerce or full wordpress currency with value from USD to AUD
- General questions about creating a custom theme Moodle CMS
- How to add logging to an abstract class in php
- error 500 on IIS FastCGI but no clue despite multiple error loggings activated
- Composer installation fails and reverts ./composer.json and ./composer.lock to original content
- How to isolate PHP apps from each other on a local machine(Windows or Linux)?
- Laravel: Using belongsToMany relationship with MongoDB
- window.location.href redirects but is causing problems on the webpage
- Key provided is shorter than 256 bits, only 64 bits provided
- Laravel's whereBetween method not working with two timestamps
- Implementing UUID as primary key in Laravel intermediate table
Related Questions in PASSWORDS
- Forgotten RAR password recovery
- I'm unable to access 'https://github.com/Danniecodjoe/alx-system_engineering-devops.git/':
- How to get new text input after entering a password in a tab?
- invalid application password of gmail
- Auto-complete doesn't work on Chrome or Edge
- Decrypting Magento 2 customer passwords using email for migration to Shopify
- In two subversion repositories (same machine), can I have different usernames with no password prompting?
- Store website username/password on Elinks for Ubuntu
- Sending Password to a PHP Script
- "error": "The public key is required. Visit https://dashboard.emailjs.com/admin/account"
- im stuck trying to guess a password to a server im accessing through netcat for a ctf
- Hashcat / John the Ripper - find password when you know most of password but don't remember the sequence
- Hashing the password if it is not hashed in django
- How do I change I change my redis docker containers password?
- How to detect password protected file in Angular 14+ without using Promise calls
Related Questions in CONFIG
- Setting up the version control of .dotfiles while the .config is connected to a forked repo
- Filter input metrics in vmagent (prometheus)
- Can't remotely connect to my postgresql database on digitalocean
- jest config - Cannot find module
- Too many levels of symbolic links nvim
- How can I fix nginx to run my react website?
- Configuring NGINX and OCSP Dedicated Private Server
- BizTalk is picking up the machine.config file instead of the External config file in BizTalk Configuration File Configuration file
- Buffer viewer says "failed to load config file" in Tosca Commander
- Cludflare ssl/tls nginx "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" Error
- Connection Strings in different .NET versions config
- TWA app crash because of java.lang.ClassNotFoundException: Didn't find class "androidx.browser.trusted.LauncherActivity"
- Brownie cannot get networks via alchemy in project brownie-config.yaml
- How to reset device setting in a single test in Playwright
- "Uncaught Error: Config file /config/runtime.json cannot be read." in console
Related Questions in CREDENTIALS
- what really controls the permissions: UID or eUID?
- Error on Google Sign In CredentialManager, using Jetpack Compose
- Windows Custom Credential Provider is not displaying tile on logon for all users in a pc
- How do I list which Jenkins credentials used per pipeline in the script console?
- How to correctly implement passkeys for web?
- Chrome flag #filling-across-affiliated-websites vs #filling-across-grouped-sites
- mail jakarta send whit proxy
- multiple azure chatbots doesn't authenticate
- Access AWS Secrets Manager with IMDSv2 set to required
- I'm using NextJs with Auth.Js version 5, How can I retrive the access_token upon sign in so as to make further API calls
- I want to convert the encrypted user login creds to tamil language and store in mysqll db
- Install a private package with credentials from requirements.txt
- Access a UNC path with .NET Core Web API
- Error retrieving files from sharepoint via python
- PayPal bearer resets after x amount of seconds
Related Questions in HARDCODED
- How to elegantly check null check for java method parameter?
- Where is the best place to define a big list of hard coded key-value pairs in Java?
- HARDCODED_CREDENTIALS warning with OS environment variables file when using Coverity Scan
- How to convert script into a hard coded version of it in Tcl language?
- How to safely hardcode an authentication token within an application code - Java
- how to return an array as many times as you need
- How can I avoid sending hardcoded values to mySQL database
- How to avoid a hardcoded IP address in React JS
- Avoid hardcoding in select clause
- Can hard-code address and manually assign it to a pointer?
- Protecting config file of web hosting
- Function in pytest file works only with hard coded values
- Finding hardcoded string in React Native (using WebStorm)
- How to reduce the number of if-else statements (e.g. avoid hardcoding values)?
- TemplateSyntaxError at /music/ Invalid block tag on line 6: 'path', expected 'empty' or 'endfor'. Did you forget to register or load this tag?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Determine what your case. Many way to protect the configurations files, depending of your requirements.
But - NO SYSTEM IS SAFE
When you have custom code (eg: not to use such a full framework) that you created custom config files. You could include outside of your public directory on web hosting panel / public root directory.
Depending on shared hosting use apache (based) as their web server, you could use .htaccess to set important environment, for example:
And the other one is, make your files hidden and disable access / forbid the dot file, eg:
and disable access to all hidden files on htaccess file.
Back to It depends on your needs. Configuration files can be safe as long as you do your best to keep your code as bug-free as possible.