Bastien Koert wrote:
> store your password/access credentials outside the web root and use php
> to read the data in.
This is good for web attacks, but I'm thinking of an account break in
where someone is accessing files directly on the server.
> Another alternative is to wrap those items in a
> function and check the calling source to make sure its only your
How would you do this?
>> From: Roberto Mansfield <[EMAIL PROTECTED]>
>> To: firstname.lastname@example.org
>> Subject: [PHP-DB] database password
>> Date: Tue, 03 Apr 2007 09:39:32 -0400
>> Howdy all,
>> Just wondering what -- if anything -- people are doing to protect
>> plaintext database passwords in their PHP scripts. Ultimately, PHP needs
>> a plaintext password to create the database connection, so it seems that
>> obfuscation is the best we can achieve on this front. While not really
>> secure by itself, obfuscation along with other measures (firewall,
>> privilege separation, file system privileges, etc) can help slow someone
>> down. So I've been looking into this approach at the moment. Any other
>> ideas out there?
>> PHP Database Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php