Where to store my database connection info

software development


I’ve got a php site that successfully connects with a mysql database on dreamhost, but I need to move the file that stores password info somewhere safer. Right now, I have a file called constants.php that holds the following:

<?php // Database Constants DEFINE("DB_SERVER", "myserver"); DEFINE("DB_USER", "my username"); DEFINE("DB_PASS", "my password"); DEFINE("DB_NAME", "my database"); ?>
I include this file when I need to make a connection. Where should it live? I’ve read that the password info should be stored in a configuration file, but I’m not sure how to make that. I’ve looked in the dreamhost wiki but not finding what I think i need. Thanks


Store it outside of your document root and chmod 400. Use a long, random username and password because anyone can try to brute force into your database by appending dh_phpmyadmin to your domain and be taken straight to an authentication dialogue which has no restrictions on number of tries.