Les Neste wrote:
> Hi,
>
> I have a question about security with PHP. I'm building a site with PHP
> and some of the scripts connect to MySQL. All someone needs to do to get
> my MySQL passwords is view the PHP source, right? And the recommended
> approach around this is to use Zend, right?
>
> Please correct me if I'm off base here. TIA!
The recommended approach is to keep your scripts in a relatively secure
directory and make sure the webserver is always configured to parse the
scripts, never to send them as plaintext. You're always using Zend with PHP4,
because the engine beneath PHP is the Zend engine. You may have been
referring to the 'encoder' product - this is not necessary, and is meant more
to help people distribute their applications without giving out source. In a
pure
web environment using the encoder doesn't make much sense, to me anyway.
HTH
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
