On 4/21/2013 7:35 PM, Glob Design Info wrote:
> A very complex solution that takes time to learn, configure, and
> install, vs. a single file I can toss on the server.
> Over-engineering is what is daft.

As has been pointed out to you - your simplistic approach to this task
is going to cost you big-time down the road. When (and it will) the
credentials to your MySQL database get out and somebody(!) misuses them,
you will be the one called to answer on this security breach. The last
creds that you give out in an application are the keys to the kingdom.
Your usage of the db access values should be confined to a script
snippet that does the connecting for all scripts that seek data from the
database. This snippet is included in those scripts from a folder that
is outside of your webroot. Users have their own credentials that, once
accepted, allow the user to make their requests. This is just such
basic security practice, why can you not see it and accept the advice
you are being given?

As for why your connect statement doesn't work, that is truly a problem.
I certainly don't know as much as the people on this group who have
been trying to help you, but I know enough to listen to them and I know
the basics of best security practices. You have spent two days trying
to get answers to a question that shouldn't be answered. That's a slice
of development time wasted. You need to back up, rework your db access
and then simply change your current authentication script to use an
ordinary user id and pswd that steers the users to a script that helps
them access their data views without revealing to them the connect values.

And personally, I think PHP is the best thing I've ever taken up since
my first Univac assembler course back in 1971.
--
PHP General Mailing List (http://www.php.net/)
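
The layout described in the message above (one connection snippet kept outside the webroot, users logging in with their own credentials), as an added example that is not part of the original thread. The paths, ini keys, table names and function names are assumptions, and in-memory SQLite (requires pdo_sqlite) stands in for MySQL so the constructed demo runs without a server.

```php
<?php
declare(strict_types=1);

// File 1 (assumed path: /srv/app/private/db_connect.php, outside the webroot).
// The only code that ever reads the database account's credentials.
function db_connect(string $iniPath): PDO
{
    $cfg = parse_ini_file($iniPath); // assumed keys: dsn, user, pass
    if ($cfg === false) {
        throw new RuntimeException('database configuration unavailable');
    }
    return new PDO($cfg['dsn'], $cfg['user'] ?? null, $cfg['pass'] ?? null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

// File 2 (inside the webroot) would begin with:
//   require '/srv/app/private/db_connect.php';
// Users log in with their own id and password, checked against a stored hash.
function authenticate(PDO $db, string $login, string $password): ?int
{
    $st = $db->prepare('SELECT id, pw_hash FROM app_users WHERE login = ?');
    $st->execute([$login]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    $ok = $row && password_verify($password, $row['pw_hash']);
    return $ok ? (int) $row['id'] : null;
}

// Each data view is scoped to the logged-in user; connect values stay server-side.
function orders_for(PDO $db, int $userId): array
{
    $st = $db->prepare('SELECT item FROM orders WHERE user_id = ?');
    $st->execute([$userId]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data: a throwaway ini file and two sample tables.
$ini = tempnam(sys_get_temp_dir(), 'db');
file_put_contents($ini, "dsn = \"sqlite::memory:\"\n");
$db = db_connect($ini);
unlink($ini);
$db->exec('CREATE TABLE app_users (id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT)');
$db->exec('CREATE TABLE orders (user_id INTEGER, item TEXT)');
$db->prepare('INSERT INTO app_users (login, pw_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO orders VALUES (1, 'widget')");

$uid = authenticate($db, 'alice', 'correct horse');
var_dump($uid, authenticate($db, 'alice', 'wrong guess'), orders_for($db, $uid));
```

For MySQL, the ini file would carry a `mysql:` DSN plus the `user` and `pass` keys, readable only by the web server account.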