As far as I know, you can not download PHP programs without access to
download them. Meaning you need an account on the webserver, so they would
need your account user and pass before they could steal your mysql user and
pass. I don't know how frontpage works, but it would probably have to call
on the server to parse the php script before downloading it. There is no way
to download a PHP script as a "nobody" user without it being parsed by PHP
first.


----- Original Message -----
From: "Don" <[EMAIL PROTECTED]>
To: "php-db list" <[EMAIL PROTECTED]>
Sent: Tuesday, February 20, 2001 1:24 PM
Subject: [PHP-DB] PHP security


> I am writing aome PHP scripts to connect to a MySQL database.  In order
> to connect, I have found the following documented code:
>
> $dbLink = mysql_connect("localhost", "my_user", "my_password")
>
> Here, the password is plain text.  This does not seem very secure to
> me.  What is to prevent someone using a program like Frontpage to
> download my web and discover my password?
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to