Gerben wrote: > I think he is talking about the password that is written inside the script > in the mysql_connect statement. I think he is worried that someone could > access it's code and find out the DB password.
What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this site specific. It would be difficult to distribute a program and use a generalized install routine to install the file containing the passwords to be edited by the site admin. -Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
