[PHP] Hard coding in an Admin Account

ROSEBLOOD

Is it safer to hard code an Admin account into the page, or should I just add it into the MySQL DB? I'm just looking at what will be more secure. ~ROSEBLOOD
 
Could you be a little more specific? Are you talking about embedding a password into a PHP page or the DB?
 
I think you would be better off adding it into the DB. If somebody reverse-engineers your page somehow, then your admin details are freely available to them, plus you can change it in the DB without having to change the source code in your page. It's better to use the DB for both security and convenience issues.
 
Maybe, but if someone "reverse engineered" your page, which was logging into a MySQL DB, then they would have the username and password to log in to the database, which contained the Admin Password or whatever. (But I do agree with you, a DB would be better.)
 
I have the Admin account in the PHP code. I was thinking about it and figured that embedding it into the code would be more secure since I couldn't think of an easy way to extract the name and password.

I'll add it to the DB. Thanks guys

~ROSEBLOOD
 
How could they not extract it? All you need to do is view the page source and all the information would be there?
 
Not if it's PHP. PHP is server-side, so you can't view the source code. All you would get would be HTML.
 
Either way is just as secure.

If you put it in the PHP source code, it's not displayed to the user (unless there is an error and it displays source code).

If you have the admin account in a DB, you still have to have the DB password in the PHP, so the password is still just as exposed to any 'hacker' who would have got the password by reading your source code anyway, because by the time they've seen the source, they've seen all the code and know the DB passwords and how to get the passwords from the DB.

Storing the password in the DB is a lot more convenient.
 
I agree with root, however there are the points below:

If you hard code it into the script, this is only ideal for 1 - 5 users and won't be updated hardly ever, and it's slightly easier. However, the database method would be for 5+ members and is a lot easier to update, but will take a little more code to do things like:
PHP:
$name = mysql_real_escape_string($_POST['name']);

Hope this helps..
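
Added example, not part of the original thread and not any poster's code: a minimal sketch of the database approach discussed above, with the admin password stored as a hash, the lookup done through a bound parameter instead of manual escaping, and the connection settings read from the environment rather than written into the page. The `admins` table, the `SITE_DB_*` variable names and the sample account are assumptions; SQLite in memory stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Connection settings come from the server environment, not from the page source.
// SITE_DB_DSN / SITE_DB_USER / SITE_DB_PASS are hypothetical variable names.
function open_db(): PDO
{
    $dsn = getenv('SITE_DB_DSN') ?: 'sqlite::memory:'; // e.g. mysql:host=localhost;dbname=site
    return new PDO($dsn, getenv('SITE_DB_USER') ?: null, getenv('SITE_DB_PASS') ?: null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Hash used only to keep the "unknown user" path about as slow as a real check.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

// Returns true only when the name exists and the password matches its stored hash.
function admin_login(PDO $db, string $name, string $password): bool
{
    // The bound placeholder keeps $name out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pw_hash FROM admins WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH); // result deliberately ignored
        return false;
    }
    return password_verify($password, (string) $hash);
}

// --- constructed demo data for the in-memory run (hypothetical table and account) ---
$db = open_db();
$db->exec('CREATE TABLE admins (name VARCHAR(64) PRIMARY KEY, pw_hash VARCHAR(255) NOT NULL)');
$db->prepare('INSERT INTO admins (name, pw_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Correct password, wrong password, and a name containing a quote character.
var_dump(admin_login($db, 'admin', 'correct horse battery'));
var_dump(admin_login($db, 'admin', 'wrong'));
var_dump(admin_login($db, "o'brien", 'anything'));
```

Because only the hash is stored, someone who reads the table or the source does not directly obtain the admin password, and changing it is a single row update.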