On Monday 28 February 2005 10:52, Jason Wong wrote:
> If you don't need the flexibility of the custom program and would rather
> make use of existing infrastructure:
> http://marc.theaimsgroup.com/?l=php-general&m=110137778213700&w=2
You said in that post: "Set default MySQL user and password in your virtual 
host container. Then connect to MySQL without specifying user and 

Presumably the file which contains the virtual host directive is readable by 
the process the webserver is running as - if not how does this work? 
Therefore the technique you describe is no more secure than that described 
earlier of putting the passwords in a file outside the webserver root. 
The technique I described keeps your passwords secret even if an attacker has 
read access to files they shouldn't. A similar strategy is used for the 
shadow password file on Unix boxes.

cheers Simon

Simon Rees  | [EMAIL PROTECTED]  |
ORA-03113: end-of-file on communication channel

PHP Database Mailing List (http://www.php.net/)