On 4/21/2013 7:35 PM, Glob Design Info wrote:
> A very complex solution that takes time to learn, configure, and
> install, vs. a single file I can toss on the server.
>
> Over-engineering is what is daft.

As has been pointed out to you - your simplistic approach to this task is going to cost you big-time down the road. When (and it will) the credentials to your MySQL database get out and somebody(!) misuses them, you will be the one called to answer on this security breach. The last creds that you give out in an application are the keys to the kingdom. Your usage of the db access values should be confined to a script snippet that does the connecting for all scripts that seek data from the database. This snippet is included in those scripts from a folder that is outside of your webroot. Users have their own credentials that, once accepted, allow the user to make their requests. This is just such basic security practice; why can you not see it and accept the advice you are being given?

As for why your connect statement doesn't work, that is truly a problem. I certainly don't know as much as the people on this group who have been trying to help you, but I know enough to listen to them and I know the basics of best security practices. You have spent two days trying to get answers to a question that shouldn't be answered. That's a slice of development time wasted. You need to back up, rework your db access and then simply change your current authentication script to use an ordinary user id and pswd that steers the users to a script that helps them access their data views without revealing to them the connect values.

And personally, I think PHP is the best thing I've ever taken up since my first Univac assembler course back in 1971.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
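
The layout described in the message above, as an added example that is not part of the original thread: one connect snippet kept outside the webroot, and a web-facing script that accepts a user's own id and password before returning only that user's rows. The two files are shown in one listing; the paths, the `APP_DB_*` environment variable names, and the `app_users` and `orders` tables are assumptions made for illustration.

```php
<?php
// ---- File 1: /srv/app/private/db_connect.php (assumed path, outside the webroot) ----
// The only place the MySQL connect values are read (from the server environment, an assumption).
function db_connect(): PDO
{
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4',
        getenv('APP_DB_HOST'), getenv('APP_DB_NAME'));
    return new PDO($dsn, getenv('APP_DB_USER'), getenv('APP_DB_PASS'), [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]);
}

// ---- File 2: /srv/app/public/my_orders.php (assumed path, inside the webroot) ----
require __DIR__ . '/../private/db_connect.php';
session_start();

try {
    $db = db_connect();
} catch (PDOException $e) {
    error_log('DB connect failed: ' . $e->getMessage()); // detail stays in the server log
    http_response_code(500);
    exit('Service unavailable.');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The user's own id and password are checked against a stored hash (hypothetical app_users table).
    $name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $stmt = $db->prepare('SELECT id, password_hash FROM app_users WHERE username = ?');
    $stmt->execute([$name]);
    $user = $stmt->fetch();
    if ($user && password_verify($pass, $user['password_hash'])) {
        session_regenerate_id(true); // new session id after login
        $_SESSION['user_id'] = (int) $user['id'];
    }
}
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Please log in.');
}

// The data view is limited to rows owned by the logged-in user.
$stmt = $db->prepare('SELECT id, placed_on, total FROM orders WHERE user_id = ?');
$stmt->execute([$_SESSION['user_id']]);
header('Content-Type: application/json');
echo json_encode($stmt->fetchAll());
```

The second file starts with its own opening PHP tag when saved separately. The stored hashes in the assumed `app_users` table are expected to come from `password_hash()`.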
