Bastien Koert wrote:
> store your password/access credentials outside the web root and use PHP
> to read the data in.

This is good for web attacks, but I'm thinking of an account break-in
where someone is accessing files directly on the server.

> Another alternative is to wrap those items in a
> function and check the calling source to make sure it's only your
> application

How would you do this?


>> From: Roberto Mansfield <[EMAIL PROTECTED]>
>> To:
>> Subject: [PHP-DB] database password
>> Date: Tue, 03 Apr 2007 09:39:32 -0400
>> Howdy all,
>> Just wondering what -- if anything -- people are doing to protect
>> plaintext database passwords in their PHP scripts. Ultimately, PHP needs
>> a plaintext password to create the database connection, so it seems that
>> obfuscation is the best we can achieve on this front. While not really
>> secure by itself, obfuscation along with other measures (firewall,
>> privilege separation, file system privileges, etc) can help slow someone
>> down. So I've been looking into this approach at the moment. Any other
>> ideas out there?
>> Thanks,
>> Roberto
>> -- 
>> PHP Database Mailing List (
>> To unsubscribe, visit:
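The two suggestions quoted in this thread (credentials kept outside the web root, and a wrapper function that checks its calling source), combined with the file system privileges Roberto mentions, as an added example that is not code from any poster here. The paths, the db.ini file, its key names and the function name are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical locations, not taken from the thread.
const CRED_FILE = '/home/appuser/private/db.ini';   // outside the web root
const APP_DIR   = '/home/appuser/public_html/app/'; // canonical path, trailing slash

// db.ini is assumed to hold four "key = value" lines: host, user, password, dbname.

function db_credentials(): array
{
    // Calling-source check: frame 0 of the backtrace records the file
    // that called this function.
    $frame  = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1)[0] ?? [];
    $caller = isset($frame['file']) ? realpath($frame['file']) : false;
    if ($caller === false || strncmp($caller, APP_DIR, strlen(APP_DIR)) !== 0) {
        throw new RuntimeException('db_credentials() called from outside the application');
    }

    // File system check: refuse a file that group or others can access.
    clearstatcache(true, CRED_FILE);
    $mode = @fileperms(CRED_FILE);
    if ($mode === false || ($mode & 0077) !== 0) {
        throw new RuntimeException('credential file missing or not owner-only (expected mode 0600)');
    }

    // Raw mode: values are returned as strings without on/off/null conversion.
    $cfg = parse_ini_file(CRED_FILE, false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('credential file could not be parsed');
    }
    foreach (['host', 'user', 'password', 'dbname'] as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            throw new RuntimeException("credential file is missing '$key'");
        }
    }
    return $cfg;
}
```

The caller check guards against the wrapper being used from an unexpected script; it does nothing against direct reads of the file, which is what the owner-only mode addresses.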