Manual:Securing database passwords
LocalSettings.php by default contains the MySQL database user name and password. Keeping these credentials in LocalSettings.php is risky, because under rare conditions PHP files can be served as plain text, revealing the credentials to the world:
- PHP is disabled on the server
- PHP itself breaks
- You have CGI search.pl (a common CGI search script) anywhere on that domain; it has a known exploit.
If you want your MySQL user name and password to stay secret even in these rare cases, they should not be part of LocalSettings.php at all.
MySQL Passwords Outside Of Webroot
You should never put your MySQL password in a text file that is within the web root. You can avoid doing so like this:
- Make a directory outside your web root. For example, if your website is located at "/htdocs/www-wiki", make a directory called "external_includes" outside of your web root, such as "/external_includes".
- Create a file in the directory you just made called something like "mysql_pw.php" and set a variable on a separate line for each of your MySQL user name, password, host name and database name, each variable holding the real value. For example, using nano as your editor, open the file and type the following lines, with the real values in place of the bracketed "mysql_" placeholders:
<?php
$wgDBserver = "[mysql_host]";
$wgDBname = "[mysql_db_name]";
$wgDBuser = "[mysql_user]";
$wgDBpassword = "[mysql_password]";
// more confidential data...
- Take care to leave no whitespace (blank lines) after the text. Better still, omit the closing ?> tag entirely, as above: a file that ends in PHP code cannot send stray trailing whitespace to the browser as output.
- Save and close the file. In nano this is Ctrl+O (save) and Ctrl+X (close).
Check with your distro for the web server's user and group. This varies; examples include "apache", "www-data", "nobody" and "httpd". Then set the permissions for the password file so that the owner can read and write it, the web server group can only read it, and nobody else has any access:
chgrp apache mysql_pw.php
chmod 640 mysql_pw.php
(640 removes all access rights from others and write rights from the web server.)
- Repeat the same chgrp and chmod 640 for LocalSettings.php: the web server must be able to read it, but should never be able to write it.
- Alternatively, if the web server user itself owns LocalSettings.php, make the file read-only for that owner and inaccessible to everyone else:
chmod 400 LocalSettings.php
- Edit your LocalSettings.php file and add the following line at the beginning of the file, right after the opening <?php tag, using the full absolute path to mysql_pw.php:
require_once "/external_includes/mysql_pw.php";
- Now remove these variables from LocalSettings.php:
$wgDBserver
$wgDBname
$wgDBuser
$wgDBpassword
This way, if somebody is able to access and display LocalSettings.php, all they will see is some settings and an include line rather than the user name, password and other details of your MySQL database; the file that really contains them is outside the web root, so the web server can never serve it to a client. You still need to make sure LocalSettings.php is readable but not writable by the web server user, as described above.
If you cannot change the group of the files (typical on shared hosting), the "external_includes" directory has to be drwx--x--x (711) and the file "mysql_pw.php" rw-r--r-- (644), otherwise your wiki will not run. Your password is still out of web access, but note that with 644 any other local account on the same host can read the file, so prefer the group-based 640 permissions wherever you can.
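The whole procedure above as one POSIX shell script: an added example, not part of the MediaWiki manual. It moves the four $wgDB* lines out of an existing LocalSettings.php into mysql_pw.php (written without a closing ?> tag), inserts the require_once line after the opening <?php tag, applies the 640 permissions, and refuses to run if the chosen include directory is itself inside the web root. The paths, the web server group name and the sample LocalSettings.php used in the comments are assumptions; on a real server you would pass your own webroot, settings path, include directory and group (for example "www-data").

```shell
#!/bin/sh
# Added example (not from the MediaWiki manual): move the $wgDB* credential
# lines out of LocalSettings.php into a file outside the web root and lock
# down the permissions. All paths and the group name are assumptions.
set -eu

# split_db_credentials WEBROOT LOCALSETTINGS INCLUDE_DIR WEBSERVER_GROUP
# e.g. split_db_credentials /htdocs/www-wiki /htdocs/www-wiki/LocalSettings.php \
#                           /external_includes www-data
split_db_credentials() {
  webroot=$1; settings=$2; incdir=$3; group=$4
  pwfile="$incdir/mysql_pw.php"

  # Refuse an include directory under the web root: the whole point is that
  # the server can never serve this file as plain text.
  case "$incdir/" in
    "$webroot"/*) echo "refusing: $incdir is inside web root $webroot" >&2; return 1 ;;
  esac
  mkdir -p "$incdir"

  # Copy the credential lines verbatim into the new file. No closing ?> tag,
  # so trailing whitespace can never be emitted as output. grep fails (and
  # set -e aborts) if LocalSettings.php has no such lines to move.
  {
    printf '<?php\n'
    grep -E '^\$wg(DBserver|DBname|DBuser|DBpassword)[[:space:]]*=' "$settings"
  } > "$pwfile"

  # Rewrite LocalSettings.php: drop the credential lines and pull the new
  # file in with its absolute path, right after the opening <?php tag.
  tmp="$settings.tmp"
  awk -v inc="$pwfile" '
    /^\$wg(DBserver|DBname|DBuser|DBpassword)[[:space:]]*=/ { next }
    { print }
    !done && /^<[?]php/ { print "require_once \"" inc "\";"; done = 1 }
  ' "$settings" > "$tmp"
  mv "$tmp" "$settings"

  # Owner keeps read/write, the web server group may only read, nobody else.
  chgrp "$group" "$pwfile" "$settings"
  chmod 640 "$pwfile" "$settings"
}

# verify_split LOCALSETTINGS INCLUDE_DIR: succeeds only if the password has
# left LocalSettings.php, lives in mysql_pw.php, and both files are mode 640.
verify_split() {
  settings=$1; pwfile="$2/mysql_pw.php"
  ! grep -q '^\$wgDBpassword' "$settings" || return 1
  grep -q '^\$wgDBpassword' "$pwfile" || return 1
  grep -q "^require_once \"$pwfile\";" "$settings" || return 1
  [ -n "$(find "$pwfile" -perm 640 -print)" ] || return 1
  [ -n "$(find "$settings" -perm 640 -print)" ] || return 1
}
```

Run verify_split afterwards and, as the manual's table of failure modes suggests, also request LocalSettings.php and the include path over HTTP with PHP temporarily disabled to confirm that the first shows no password and the second is not reachable at all. The 711/644 fallback for shared hosting is deliberately not automated here; that choice should be made by hand once you know the group cannot be changed.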
- The setting $wgSMTP for sending e-mail also contains a user name and password. It can be secured in the same way.