Local vs. hosted connection [message #176973] |
Sat, 11 February 2012 17:17 |
Aul
Messages: 7 Registered: December 2011
Karma: 0
|
Junior Member |
|
|
Greetings, fine denizens. I've made significant progress in my project
since my first post here some time ago, and I have a question related to
a chunk of code I developed to simplify connection to my database.
Locally, I need one set of parameters, but after uploading the pages to
my web host, I need a different set of connection parameters.
Initially, I simply edited the file after uploading it, but that got
tiresome quickly, so I came up with the following, which sends the
correct parameters based on the SERVER_NAME value:
<?php
// Define application constants.
define('HOSTED', ($_SERVER['SERVER_NAME']=='localhost') ? false : true);
// Open the database.
$db = open_db(HOSTED);
if ($db) {
// Do stuff
}
function open_db($hosted = false) {
// Define connection values.
if ($hosted) {
$host = (string) [url=mywebhost.com]mywebhost.com[/url];
$user = (string) [url=mywebhost_username]mywebhost_username[/url];
$pass = (string) [url=mywebhost_password]mywebhost_password[/url];
$data = (string) [url=mywebhost_mysql_database]mywebhost_mysql_database[/url];
$port = (int) [url=mywebhost_port]mywebhost_port[/url];
} else {
$host = "localhost";
$user = (string) [url=localhost_usename]localhost_usename[/url];
$pass = (string) [url=localhost_password]localhost_password[/url];
$data = (string) [url=localhost_mysql_database]localhost_mysql_database[/url];
$port = (int) [url=localhost_port]localhost_port[/url];
}
// Execute connection string.
$db = mysqli_connect($host, $user, $pass, $data, $port);
// Stop script if connection fails.
if (mysqli_connect_errno()) {
printf("Connection failed: %s\n", mysqli_connect_error());
exit();
} else {
return($db);
}
}
?>
The cast double brackets are simply placeholders I put here in this post
to indicated where I have coded my actual parameters in the indicated
type. (I left "localhost" as it is.)
My question is this: is all this secure on the Web, or is there a way
for someone to remotely acquire such stored connection parameters?
|
|
|
Re: Local vs. hosted connection [message #176975 is a reply to message #176973] |
Sat, 11 February 2012 19:46 |
Jerry Stuckle
Messages: 2598 Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 2/11/2012 12:17 PM, Aulë wrote:
> Greetings, fine denizens. I've made significant progress in my project
> since my first post here some time ago, and I have a question related to
> a chunk of code I developed to simplify connection to my database.
> Locally, I need one set of parameters, but after uploading the pages to
> my web host, I need a different set of connection parameters. Initially,
> I simply edited the file after uploading it, but that got tiresome
> quickly, so I came up with the following, which sends the correct
> parameters based on the SERVER_NAME value:
>
> <?php
>
> // Define application constants.
> define('HOSTED', ($_SERVER['SERVER_NAME']=='localhost') ? false : true);
>
> // Open the database.
> $db = open_db(HOSTED);
> if ($db) {
> // Do stuff
> }
>
> function open_db($hosted = false) {
>
> // Define connection values.
> if ($hosted) {
> $host = (string) [url=mywebhost.com]mywebhost.com[/url];
> $user = (string) [url=mywebhost_username]mywebhost_username[/url];
> $pass = (string) [url=mywebhost_password]mywebhost_password[/url];
> $data = (string) [url=mywebhost_mysql_database]mywebhost_mysql_database[/url];
> $port = (int) [url=mywebhost_port]mywebhost_port[/url];
> } else {
> $host = "localhost";
> $user = (string) [url=localhost_usename]localhost_usename[/url];
> $pass = (string) [url=localhost_password]localhost_password[/url];
> $data = (string) [url=localhost_mysql_database]localhost_mysql_database[/url];
> $port = (int) [url=localhost_port]localhost_port[/url];
> }
>
> // Execute connection string.
> $db = mysqli_connect($host, $user, $pass, $data, $port);
>
> // Stop script if connection fails.
> if (mysqli_connect_errno()) {
> printf("Connection failed: %s\n", mysqli_connect_error());
> exit();
> } else {
> return($db);
> }
>
> }
> ?>
>
> The cast double brackets are simply placeholders I put here in this post
> to indicated where I have coded my actual parameters in the indicated
> type. (I left "localhost" as it is.)
>
> My question is this: is all this secure on the Web, or is there a way
> for someone to remotely acquire such stored connection parameters?
If it's outside the DOCUMENT_ROOT so no one can download it, it's
secure. Otherwise a server misconfiguration can expose you errors.
Why not just include a configuration file on both systems, each with the
appropriate settings? Much cleaner and less error prone.
BTW - unless you are the domain owner for mywebhost.com, you should not
be using their name. Instead, use example.com, example.org, etc., which
have been specifically reserved for such uses.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
Re: Local vs. hosted connection [message #176976 is a reply to message #176975] |
Sun, 12 February 2012 15:50 |
Aul
Messages: 7 Registered: December 2011
Karma: 0
|
Junior Member |
|
|
On 2/11/2012 2:46 PM, Jerry Stuckle wrote:
>
> If it's outside the DOCUMENT_ROOT so no one can download it, it's
> secure. Otherwise a server misconfiguration can expose you errors.
Nice. Okay.
> Why not just include a configuration file on both systems, each with the
> appropriate settings? Much cleaner and less error prone.
Are you referring to a PHP.INI? If so, I wasn't aware that I could do
so on the host. That would definitely simplify some things.
> BTW - unless you are the domain owner for mywebhost.com, you should not
> be using their name. Instead, use example.com, example.org, etc., which
> have been specifically reserved for such uses.
I have no explanation for {not} thinking "mywebhost" wouldn't be an
actual site. That is excellent information about "example" domains.
TYVM.
|
|
|
Re: Local vs. hosted connection [message #176977 is a reply to message #176976] |
Sun, 12 February 2012 16:13 |
Jerry Stuckle
Messages: 2598 Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 2/12/2012 10:50 AM, Aulë wrote:
> On 2/11/2012 2:46 PM, Jerry Stuckle wrote:
>>
>> If it's outside the DOCUMENT_ROOT so no one can download it, it's
>> secure. Otherwise a server misconfiguration can expose you errors.
>
> Nice. Okay.
>
>> Why not just include a configuration file on both systems, each with the
>> appropriate settings? Much cleaner and less error prone.
>
> Are you referring to a PHP.INI? If so, I wasn't aware that I could do so
> on the host. That would definitely simplify some things.
>
No, I'm referring to your own configuration file. Your file; include it
where you need the information in it. Call it conf.php or whatever; it
keeps server-specific information in it.
>> BTW - unless you are the domain owner for mywebhost.com, you should not
>> be using their name. Instead, use example.com, example.org, etc., which
>> have been specifically reserved for such uses.
>
> I have no explanation for {not} thinking "mywebhost" wouldn't be an
> actual site. That is excellent information about "example" domains.
>
> TYVM.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
Re: Local vs. hosted connection [message #176981 is a reply to message #176977] |
Mon, 13 February 2012 12:56 |
bill
Messages: 310 Registered: October 2010
Karma: 0
|
Senior Member |
|
|
On 2/12/2012 11:13 AM, Jerry Stuckle wrote:
> On 2/12/2012 10:50 AM, Aulë wrote:
>> On 2/11/2012 2:46 PM, Jerry Stuckle wrote:
>>>
>>> If it's outside the DOCUMENT_ROOT so no one can download it, it's
>>> secure. Otherwise a server misconfiguration can expose you
>>> errors.
>>
>> Nice. Okay.
>>
>>> Why not just include a configuration file on both systems,
>>> each with the
>>> appropriate settings? Much cleaner and less error prone.
>>
>> Are you referring to a PHP.INI? If so, I wasn't aware that I
>> could do so
>> on the host. That would definitely simplify some things.
>>
>
> No, I'm referring to your own configuration file. Your file;
> include it where you need the information in it. Call it conf.php
> or whatever; it keeps server-specific information in it.
example:
<?
error_reporting(E_ALL); // of course you put this in for testing
require ("myconf.php"); // different on the server and for testing
>
>>> BTW - unless you are the domain owner for mywebhost.com, you
>>> should not
>>> be using their name. Instead, use example.com, example.org,
>>> etc., which
>>> have been specifically reserved for such uses.
>>
>> I have no explanation for {not} thinking "mywebhost" wouldn't
>> be an
>> actual site. That is excellent information about "example"
>> domains.
>>
>> TYVM.
>
>
|
|
|
Re: Local vs. hosted connection [message #176982 is a reply to message #176981] |
Mon, 13 February 2012 13:26 |
Jerry Stuckle
Messages: 2598 Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 2/13/2012 7:56 AM, bill wrote:
> On 2/12/2012 11:13 AM, Jerry Stuckle wrote:
>> On 2/12/2012 10:50 AM, Aulë wrote:
>>> On 2/11/2012 2:46 PM, Jerry Stuckle wrote:
>>>>
>>>> If it's outside the DOCUMENT_ROOT so no one can download it, it's
>>>> secure. Otherwise a server misconfiguration can expose you
>>>> errors.
>>>
>>> Nice. Okay.
>>>
>>>> Why not just include a configuration file on both systems,
>>>> each with the
>>>> appropriate settings? Much cleaner and less error prone.
>>>
>>> Are you referring to a PHP.INI? If so, I wasn't aware that I
>>> could do so
>>> on the host. That would definitely simplify some things.
>>>
>>
>> No, I'm referring to your own configuration file. Your file;
>> include it where you need the information in it. Call it conf.php
>> or whatever; it keeps server-specific information in it.
>
> example:
> <?
> error_reporting(E_ALL); // of course you put this in for testing
No, this is in the php.ini file, not the code. Of course it will be
different in your development and production systems, but should never
be set in a production system (at least not for very long).
The only time I enabled error_reporting on a production system was to
troubleshoot what ended up being a server configuration problem.
> require ("myconf.php"); // different on the server and for testing
>
>
>>
>>>> BTW - unless you are the domain owner for mywebhost.com, you
>>>> should not
>>>> be using their name. Instead, use example.com, example.org,
>>>> etc., which
>>>> have been specifically reserved for such uses.
>>>
>>> I have no explanation for {not} thinking "mywebhost" wouldn't
>>> be an
>>> actual site. That is excellent information about "example"
>>> domains.
>>>
>>> TYVM.
>>
>>
>
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|