Is using a .txt file as database of meta tags secure?

Question

I came across a snippet that uses the meta_tags.txt as a database of meta tags for its website's pages. I was planning to implement it in one of my projects. I am also planning in using HTMLPurifier for the variables before "printing".

Being a security freak, is this method secure? or do I have to add additional security measures to prevent other malicious attacks? Maybe, a MySQL table instead of a text document?

Answer 1

The only risk I see in using this method is to make sure that you protect that file through Apache's .htaccess if you wish to protect sensitive information, should that file contain any later on or that you want to build a database for other things such as a user base, newsletters, etc.

• http://httpd.apache.org/docs/current/howto/htaccess.html

For example:

<files "file.txt">
deny from all 
</files>

and placed outside the webroot of your server.

However, using a text file as a database is a lot of work though when it comes to modifying it such as updating, deleting, searching, etc., so you may want to think about your options.

One of which is using a database along with prepared statements is also a good bet and is a lot more manageable.

References:

• http://dev.mysql.com/doc/refman/5.7/en/sql-syntax.html
• https://en.wikipedia.org/wiki/Prepared_statement
• http://php.net/manual/en/pdo.prepared-statements.php
• http://php.net/manual/en/mysqli.prepare.php

Flat file database references:

• https://en.wikipedia.org/wiki/Flat_file_database
• http://www.sqlite.org/ (works well with PHP http://php.net/sqlite)

JSON is also another option:

• http://www.json.org/
• https://en.wikipedia.org/wiki/JSON