First of all, I do not have a lot of experience with WordPress plugins, but I am developing a plugin which has to connect and send data to a remote database (which it is already doing). But at this point in time my connection is not secure at all, because all the database info is shown to the admin of the site.
This is my code at the moment. It works and all, but how can I make sure that no one will see the database data that is in this file?
<?php
function webARX_connect_to_db(){
    $servername = "remote_host";
    $username = "username";
    $password = "password";
    $dbname = "database_name";
    // Create connection
    $webARX_connection = new wpdb($username, $password, $dbname, $servername);
    if (empty($webARX_connection->show_errors())){
        return $webARX_connection;
    } else {
        return $webARX_connection->show_errors();
    }
}
?>
asked May 13, 2016 at 7:18 by Kristen Sepp
- 1 you can't and it is an insecure design unless it is run in an intranet – Mark Kaplun Commented May 13, 2016 at 7:35
- Aren't there any workarounds for it? – Kristen Sepp Commented May 13, 2016 at 8:17
- 1 Yes. An API. I dealt with a question just like this, let me find it. – TheDeadMedic Commented May 13, 2016 at 10:47
- Would be fantastic if you'd link me to the thread/post :) – Kristen Sepp Commented May 13, 2016 at 10:52
2 Answers
I'd recommend setting up an API, and also ensuring the sites are HTTPS (have an SSL certificate) to encrypt communication between the servers.
If you don't have one already, there are free certifiers such as https://letsencrypt.org/
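A sketch of the plugin side of the API approach recommended above, as an added example that is not part of the original answer or of the asker's plugin. The endpoint URL, the `webarx_api_token` option name and the payload shape are assumptions; the WordPress functions used are the standard HTTP API.

```php
<?php
// Added example: the plugin posts to an HTTPS API instead of opening a
// database connection, so no database credentials ship with the plugin.
// Hypothetical: endpoint URL, option name 'webarx_api_token', payload shape.
define( 'WEBARX_API_ENDPOINT', 'https://api.example.com/v1/events' ); // placeholder URL

function webARX_send_to_api( array $payload ) {
    // Refuse to send the token over anything but HTTPS.
    if ( 'https' !== wp_parse_url( WEBARX_API_ENDPOINT, PHP_URL_SCHEME ) ) {
        return new WP_Error( 'webarx_insecure', 'API endpoint must use HTTPS.' );
    }

    // Per-site token issued by the API operator. It can be revoked for one
    // site and grants no direct access to the database behind the API.
    $token = get_option( 'webarx_api_token' );
    if ( empty( $token ) ) {
        return new WP_Error( 'webarx_no_token', 'No API token configured for this site.' );
    }

    $response = wp_remote_post( WEBARX_API_ENDPOINT, array(
        'timeout'   => 10,
        'sslverify' => true, // keep certificate verification enabled
        'headers'   => array(
            'Authorization' => 'Bearer ' . $token,
            'Content-Type'  => 'application/json',
        ),
        'body'      => wp_json_encode( $payload ),
    ) );

    // Transport-level failure (DNS, timeout, TLS verification).
    if ( is_wp_error( $response ) ) {
        return $response;
    }

    // Treat anything outside 2xx as a rejected request.
    $code = (int) wp_remote_retrieve_response_code( $response );
    if ( $code < 200 || $code >= 300 ) {
        return new WP_Error( 'webarx_api_error', 'API rejected the request (HTTP ' . $code . ').' );
    }

    return json_decode( wp_remote_retrieve_body( $response ), true );
}
```

With this layout the service behind the endpoint is the only place that holds database credentials, and the site admin can see nothing more sensitive than that site's own token.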
Great question.
A couple of things:
First, best practices tell us to always keep these types of assets outside of our Web server’s document root. PHP isn't limited by the same restrictions as a Web server, from a permissions perspective, so you can make a directory on the same level as your document root and place all of your sensitive data and code there.
Second, create a new database user that is limited in what it can do. Use this account for calls, rather than a super-privileged user.
Using these two methods will greatly minimize your risks.
Hope I've offered some help.
Good luck.