Simple _complete_ solution:  Find a different hosting company that provides a 
virtual server and root access to everything about your account.  Cost should 
be nominal, but probably not free.

Simple _partial_ solution:  Use INCLUDEs for the login portions of the 
script(s) and place them in a protected directory.  If you are unable to 
protect directories (.htaccess) with this host, they are begging for trouble 
and victimizing their subscribers.

Simple _lack of a_ solution:  Don't put anything on this site that anyone cares 
about protecting.

If that all sounds obvious, it's supposed to.


Shay wrote:
My hosting company gave me one database and one root user account, and I have no access for priviliges at all. So as far as I can tell, the only way for me to connect to the database on my site is to do a mysql_connect("host", "user", "pass"), where the user and pass are the ones for this one super account.

Is this a major security concern or what? Is there a way around this, or a way to minimize security problems? I've emailed them about this, and they act like they have no clue what I'm talking about:

I'm not trying to hide files or directories, I'm talking about when I use
PHP and make a connection to the database using mysql_connect("host",
"user", "pass"). This script is what is in my webpages that connects to the
DB and retrieves data to print for users. Is there an anonymous account to
use for retrieving data, or can I make one?

Then the program or script you are using should have means
for your users to access permitted areas. And there is no
anonymous account, there is only your own account Db

Now. Hosting company provide your site with tool for you to use your
own programs and it's up to you which programs and how you use them.
Our job is to make sure the tool is working. Other than that, we do not
provide support for scripts and the programs you are using.

If you having problems to use some programs then you need to get
in touch with developers and find what need to be done and how.

-- PHP Database Mailing List ( To unsubscribe, visit:

Reply via email to