On Monday 28 February 2005 10:52, Jason Wong wrote: > > If you don't need the flexibility of the custom program and would rather > make use of existing infrastructure: > > http://marc.theaimsgroup.com/?l=php-general&m=110137778213700&w=2 You said in that post: "Set default MySQL user and password in your virtual host container. Then connect to MySQL without specifying user and password."
Presumably the file which contains the virtual host directive is readable by the process the webserver is running as - if not how does this work? Therefore the technique you describe is no more secure than that described earlier of putting the passwords in a file outside the webserver root. The technique I described keeps you passwords secret even if an attacker has read access to files they shouldn't. A similar strategy is used for the shadow password file on Unix boxes. cheers Simon -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Simon Rees | [EMAIL PROTECTED] | ORA-03113: end-of-file on communication channel ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php