Henrik Christensen
Python Web Development Techdegree Student 38,322 Points
admin login
Hi,
I'm trying to make an admin page for a blog and I'm wondering if it's okay to store the admin username and password (this will be the only user) inside the php-tags or should I create a table in my database to store the username and password?
2 Answers
Kevin Korte
28,149 Points
You mean like just hard-code the admin login credentials?
Henrik Christensen
Python Web Development Techdegree Student 38,322 Points
After reading all this I think it might be better to create a table to store the admin info. Thank you very much for the answer :-)
Henrik Christensen
Python Web Development Techdegree Student 38,322 Points
Yes, like..
With better username / password ofc :-P
Kevin Korte
28,149 Points
I suppose you could, if this is just going to remain a super simple blog. You'll still want to make sure you're somehow authenticated to the site, and making authenticated requests to add, edit, or delete, maybe through the use of a cookie or something.
Of course though, you run the risk that by storing your username and password in plain text, if someone gets your source files, it could be game over. And you have to remember not to check that file into any sort of version control. All of GitHub is searchable, so people can just search for words like "password" and get back all the repos that have files checked in with the word "password" in them. Most often people try farming API keys this way, from people who check their keys in.
I would keep your creds in a file of its own, and include it in other files where it's needed. But since you're going to have a database anyway, I assume, I'd at least consider taking the extra work to have a users table and store your hashed password in the database; that's the safest way.
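The two options Kevin describes (credentials in a separate included file, or a users table holding a hashed password) look like this in PHP. This is an added example, not code from the thread or from Treehouse; the table name, column names, config file path, and the `/admin/login.php` route are assumptions for illustration. The point it makes beyond the prose: in both variants the file or table holds the output of `password_hash()`, never the plaintext password, and the login check is the same `password_verify()` call either way.

```php
<?php
// Added example: single-admin login for a PHP blog, either against a users
// table or against a hash kept in a config file outside the web root.
// Paths, table and column names are assumptions, not from the original thread.
declare(strict_types=1);

// Harden the session cookie before the session is started.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

// The config file (assumed path) sits outside the document root and in
// .gitignore, so it is never served and never committed. It returns an array
// such as ['dsn' => 'mysql:host=localhost;dbname=blog', 'user' => 'blog',
// 'pass' => 'db-password', 'admin_hash' => '<output of password_hash()>'].
$config = require __DIR__ . '/../config/secrets.php';

$pdo = new PDO($config['dsn'], $config['user'], $config['pass'], [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

// One-time setup, run from the CLI (not reachable from a web request).
// Assumed schema:
//   CREATE TABLE users (
//     id INT AUTO_INCREMENT PRIMARY KEY,
//     username VARCHAR(64) NOT NULL UNIQUE,
//     password_hash VARCHAR(255) NOT NULL
//   );
function createAdmin(PDO $pdo, string $username, string $password): void
{
    // password_hash() salts and uses a deliberately slow algorithm (bcrypt by default).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Variant 1: users table. Returns true on success and upgrades the stored hash
// if PHP's default cost has increased since it was created.
function loginAgainstTable(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always run password_verify() against a real hash, so an unknown username
    // takes as long as a wrong password and does not leak which names exist.
    static $dummy = null;
    $dummy ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);
    $hash = $row['password_hash'] ?? $dummy;

    $ok = password_verify($password, $hash) && $row !== false;
    if ($ok && password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE username = :u');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':u' => $username]);
    }
    return $ok;
}

// Variant 2: no table, just the config file. The file stores the hash, not the
// password, so a leaked file still does not hand over the login.
function loginAgainstConfig(array $config, string $username, string $password): bool
{
    $nameOk = hash_equals($config['admin_user'] ?? '', $username); // constant-time compare
    return password_verify($password, $config['admin_hash'] ?? '') && $nameOk;
}

// Guard to include at the top of every admin page.
function requireAdmin(): void
{
    if (empty($_SESSION['admin'])) {
        header('Location: /admin/login.php', true, 302);
        exit;
    }
}

// Login form handler (CSRF token assumed to be set in $_SESSION['csrf'] when
// the form was rendered).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')) {
        http_response_code(400);
        exit('Invalid request');
    }
    $u = (string) ($_POST['username'] ?? '');
    $p = (string) ($_POST['password'] ?? '');
    if (loginAgainstTable($pdo, $u, $p)) {
        session_regenerate_id(true);   // new session id after login (session fixation)
        $_SESSION['admin'] = $u;
        header('Location: /admin/', true, 302);
        exit;
    }
    http_response_code(401);
    echo 'Login failed';
}
```

Every admin action (add, edit, delete) then calls `requireAdmin()` before doing anything, which is the "authenticated requests" part of Kevin's answer; the session cookie is what carries that authentication between requests. The database password and the admin hash both live only in `secrets.php`, which is the "file of its own" that must stay out of version control.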