Ryan,
I don't see how your username / password could be compromised by including
it in a connect statement. There's a common warning that you should be
careful when naming PHP files with a different extension (if the server
doesn't recognize the extension as PHP and thus returns the unparsed file.)
Apart from that I don't see how having a function return the
username/password can provide any added security. I mean you'd have to
include the username/password in the code for the function so if someone
could see the source then they'd still see the username/password.
I guess if you wanted to be able to show the source for your file and keep
the username/password private then you could include a file that has their
values stored in variables (I still don't see why you'd need a function.)
Aral :)
----- Original Message -----
From: "Shrout, Ryan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 25, 2001 8:48 AM
Subject: [PHP] Security Question
> In a lot of PHP code that I have seen, there are lines such as this:
>
> mysql_connect('localhost', 'mysql_login()', 'mysql_password()');
>
> that is used to "hide" the login and password from someone should they
> somehow view the code instead of the output of the PHP file. My question
> is, how do I set up those "functions" mysql_login and mysql_password? Are
> they just standard functions defined in a header someplace? Or is this
even
> the best, most secure way of handling it?
>
> Ryan Shrout
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
