Posted by news on 06/18/07 11:31

We currently have our mySQL server on the same box as the Apache
server.
For security and load balancing, we're going to be moving the mySQL
server to another box.
We're already using a single included connection file in all of our PHP
pages that has the server, username, password line that connects to the
database.

Aside from changing "localhost" to the IP/port number of the new
server, what else should be done, especially in the security sense?
If someone were to hack and be able to get access to view files, they
could open that file and see the username/password. Is there some way
to encrypt it or something?
So far the only thing I can think of to help limit that file's exposure
is to place it outside the /var/www/htdocs folder region. And of course
make sure the mySQL account it's connecting to has only the mySQL
permissions it needs.

Thanks for any advice!
Liam

[Back to original message]