Roberto Mansfield wrote:
Bastien Koert wrote:
store your password/access credentials outside the web root and use php
to read the data in.

This is good for web attacks, but I'm thinking of an account break in
where someone is accessing files directly on the server.

I suggest you think about this for a second before you start designing with a really pointless obfuscation system. Say someone is accessing files directly on the server... if they can get at the file that contains the password then they can also get at the PHP code that will de-obfuscate it. Spend your time locking the doors rather than putting 5-minute obstacles in the path.


PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to