> Store the connection strings in an include file preferably outside the
> wed root. You can include files with a fully resolved path, or using the
> php include_path variable if you have access to the configuration.
> Alternately, if you don't have access to directories outside the
> webroot, put the

That would be slightly more secure, but still not foolproof. Where-ever the
file is, it has to ultimately be accessible by the webserver. Any user on
the system will either have access to that folder through the shell or
through the webserver via their own script. I guess there's not really any
great way of protecting database connection information on a shared server?


---| patrick gibson |---------------+
 email: email @ patrickg.com
 url: http://patrickgibson.com/

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to