But if the database is on another machine then the password is sent as plain
text over the internet, no?




-----Original Message-----
From: Ben Cairns [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 21, 2001 10:06 AM
To: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] PHP security


Anything contained within the PHP open & close Tags (<? ?> ) is parsed out 
server side.

In order for them to read the source of the file, they must have console 
access.

Try and get a password from www.mywapfone.net/index.php

That page does a DB connect using your script.

You cannot see my Password in the source right?

Does this answer your question?

As the MySQL server is on localhost, then the password never leaves the 
machine, so is not travelling over the internet.

Therefore, no-one can packet grab from the machine to get the password.

-- Ben Cairns - Head Of Technical Operations
intasept.COM
Tel: 01332 365333
Fax: 01332 346010
E-Mail: [EMAIL PROTECTED]
Web: http://www.intasept.com

"MAKING sense of
the INFORMATION
TECHNOLOGY age
@ WORK......"


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to