heyy folks,
I am really not going to tell the usual "back after a long time" thingy. Hell it's around an year since the last post. Yeah had busier times :). Nevermind, let's focus on today's topic. It's actually kinda old thing i wanted to document a long time before. First we need to identify the problem.
Problem
Storing sensitive data like database connection info [ ex: db username, db password] in an XML file
Why would we store them in XML database?
1) Obviously we cant store them in the database we are going to store other data since this file has the connection details of the database. So these info should be available separately
2) We could use few other means of storing data as well, but XML is so easy to use. Not to mention all the classes in php to handle XML parsing.
What's wrong with current methods?
Usually how this is done is simply storing those ultra secret stuff in an XML file and then preventing normal users from accessing it. ex: you can add htaccess rules to prevent access to it. But sometimes our server feature requirements are limited and mostly many web admins simply forget to protect these XML configurations.
Solution
Store XML inside a php file.
Now this would seem a bit odd. You might say "hey its just as same as storing them in plain text". NOPE, what i mean is store the XML data as a hard coded variable in a php script. Since php wont let a client see anything that isnt given to the output, the XML is now safe :)
Lets go to the real stuff.
Storing XML in php
quite simply, just put it in a variable
settings.php
Access data from php
Piece of cake ! the simpleXMLElement class will turn your XML to an object :D
index.php
Edit and Save XML data from php
Now this is the only kinda tricky part. Here we actually have to write the php FILE manually with edited xml.
The good thing is that any changes to XML data is represented as XML by php. Hard part is writting the file without any errors.
edit.php
now if you goto settings.php from browser, you wont see a single thing :)
that's it ! Now you can store wonderful secrets and manage them as easily [or more easily] as using SQL :D
Hope for another one soon.
Cyah
I am really not going to tell the usual "back after a long time" thingy. Hell it's around an year since the last post. Yeah had busier times :). Nevermind, let's focus on today's topic. It's actually kinda old thing i wanted to document a long time before. First we need to identify the problem.
Problem
Storing sensitive data like database connection info [ ex: db username, db password] in an XML file
Why would we store them in XML database?
1) Obviously we cant store them in the database we are going to store other data since this file has the connection details of the database. So these info should be available separately
2) We could use few other means of storing data as well, but XML is so easy to use. Not to mention all the classes in php to handle XML parsing.
What's wrong with current methods?
Usually how this is done is simply storing those ultra secret stuff in an XML file and then preventing normal users from accessing it. ex: you can add htaccess rules to prevent access to it. But sometimes our server feature requirements are limited and mostly many web admins simply forget to protect these XML configurations.
Solution
Store XML inside a php file.
Now this would seem a bit odd. You might say "hey its just as same as storing them in plain text". NOPE, what i mean is store the XML data as a hard coded variable in a php script. Since php wont let a client see anything that isnt given to the output, the XML is now safe :)
Lets go to the real stuff.
Storing XML in php
quite simply, just put it in a variable
settings.php
- <?php//simply make a new variable xml and put the xml code//note that the XML code is put in a special way
- $xml = <<<XML
- <?xml version="1.0" standalone="yes"?>
- <config>
- <secret>thisismypassword</secret>
- </config>
- XML
- ?>
Access data from php
Piece of cake ! the simpleXMLElement class will turn your XML to an object :D
index.php
- <?php
- //first import the settings.php
- // $xml variable is visible to this script
- include("settings.php")
- //simply make a new SimpleXMLElement object in php
- //this object will turn the XML configuration to an object, yeah that easy :D
- $config = new SimpleXMLElement($xml);
- //to access use xml data, simply use the object notation
- echo "my secret is : ";
- echo $config->secret;
- ?>
Edit and Save XML data from php
Now this is the only kinda tricky part. Here we actually have to write the php FILE manually with edited xml.
The good thing is that any changes to XML data is represented as XML by php. Hard part is writting the file without any errors.
edit.php
- <?php
- //first import the settings.php
- // $xml variable is visible to this script
- include("settings.php")
- //lets change some data, i mean the only data which is the secret
- $config->secret = "mynewsecretpassword";
- //now we need any change done to XML in XML format, another bit of cake
- //asXML() method gives an object in XML format
- $editedXML = $config->asXML();
- //prepare the string to write CAREFULLY
- $toWrite = '<?php'.PHP_EOL.
- '$xml = <<<XML'.PHP_EOL.
- $editedXML.PHP_EOL.
- 'XML'.PHP_EOL.
- '?>';
- //PHP_EOL is the php end of line, that's to add a line break
- //if you echo this, you'll see the settings.php as exactly
- //always manage errors when using file operations
- try{
- //now open the file settings.php to write edited XML
- $file = fopen("settings.php",'w');
- //write the new file
- fwrite($file,$toWrite);
- //close the stream
- fclose($file);
- }catch(Exception $e){
- die("Damnit error");
- }
- ?>
now if you goto settings.php from browser, you wont see a single thing :)
that's it ! Now you can store wonderful secrets and manage them as easily [or more easily] as using SQL :D
Hope for another one soon.
Cyah
No comments:
Post a Comment