>file by FTP for example). If you're really paranoid, put the
>username/password outside your htroot into a separate file, say
>passwords.inc and include it into php with
>include('/secure/passwords.inc'), but this isn't really needed, and
>BTW, it won't make the connection method more secure, or insecure.

Perhaps I'm paranoid.. don't think it's bad.

I would recommend putting it outside the htroot.. this will prevent people 
from seeing it if someone screws up the serverconfig..

Another thing.... I wouldn't call it password.inc.. if someone would gain 
access to your userdir they would first look for something with password or 
passwd in it.. give it an unrelated name..

I must agree that it won't make your PHP script more secure since it's 
parsed. But it's always a good thing to be carefull.



PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to