I have tested again what I said yesterday and found that if I have 
problems with PHP support in Apache then all my information 
(username and password) is simply seen on the screen, so it's not 
about a dead SQL server but PHP. 

However, I went through all the docs that I have on this topic and found 
that the only solution to this is to put the included "connect.php/inc" 
outside of the htdocs directory and configure your php.ini in such a way 
that one outside directory would be accepted, and only by a PHP call.

Hope I didn't mess up this time so you are able to understand what 
I mean... =))

Thank you for the help anyway, just be aware of this PHP prob 
when you pick a provider.

Youri

On 8 Aug 2001, at 19:33, Attila Strauss wrote:

> hi,
> 
> there are 2 ways.
> 
> 1. you hardcode the user/password in the php.ini file.
> 2. you do a simple error check like:
> 
> <?php
> $connect = mysql_connect($host, $user, $pass);
> if(!$connect)
> {   
> print "connection failed";
> }
> 
> ?>
> 
> of course you could also do something like header("Location: http://host"); instead 
> of print "connection failed".
> 
> i hope i could help you.
> 
> best regards
> attila strauss
> 
> 
> 
> 
> > Hey Jouri,
> > 
> > 
> > I don't agree with this one. I tested it out on my
> > localhost and got the two error messages I told you I
> > was going to get:
> > 
> > Warning: Unknown MySQL Server Host...
> > Warning: MySQL Connection Failed...
> > 
> > No usernames/passwords. I have to say however that I
> > always include my connect.php file. Maybe that's a
> > secure way to connect without anyone seeing your
> > password in case of sqlserver problems.
> > 
> > 
> > Greetz,
> > Bjorn Van Simaeys
> > www.bvsenterprises.com
> > 
> > 
> > 
> > 
> > --- BRACK <[EMAIL PROTECTED]> wrote:
> > > If you have Apache and MySQL servers make this
> > > experiment - 
> > > start Apache but "forget" to start SQL and go to
> > > your site 
> > > http://localhost/... you will see yourself all the
> > > information on the 
> > > screen.
> > > 
> > > Youri
> > > 
> > > On 7 Aug 2001, at 12:53, Ryan Christensen wrote:
> > > 
> > > > I'm curious as to how the "hacker" would see all
> > > this information (the
> > > > username.. password, etc..) just by going to a
> > > site where the SQL backend
> > > > was down?
> > > > 
> > > > Ryan
> > > > 
> > > > > -----Original Message-----
> > > > > From: BRACK [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Tuesday, August 07, 2001 12:36 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: [PHP] MySQL connection
> > > > >
> > > > >
> > > > > > I just wanted to bring the issue of security of
> > > MySQL connection:
> > > > >
> > > > > Let us imagine that SQL server was down for some
> > > hours (of
> > > > > course without us knowing it) and at the same
> > > hours our SQL site
> > > > > > was visited by some kind of hacker, he can see
> > > on his screen all
> > > > > our SQL connection info like username,
> > > password, and database
> > > > > name. You may hide this information in different
> > > file than the file
> > > > > that your users open then the hacker will see
> > > something like
> > > > > "include("connect.inc");" or
> > > "require("connect.inc");" (of course IF
> > > > > server is down). So you may only imagine the
> > > consequences of
> > > > > this visit of the hacker. What can we do to
> > > protect our sensitive
> > > > > information if SQL server is down?
> > > > >
> > > > > Youri
> > > > >
> > > > > --
> > > > > PHP General Mailing List (http://www.php.net/)
> > > > > To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > > > For additional commands, e-mail:
> > > [EMAIL PROTECTED]
> > > > > To contact the list administrators, e-mail:
> > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> 
> 
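Youri's fix at the top of this message (keep the connect file outside htdocs) can be checked with a small audit of the document root. The script below is an added example, not code from anyone in this thread; the directory layout, file names, sample credentials and the list of extensions mapped to PHP are all constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumption: only these extensions are mapped to the PHP handler on the server.
PHP_EXTENSIONS = {".php", ".phtml"}

# A quoted literal assigned to a credential-like variable, e.g. $pass = "secret";
CRED_ASSIGN = re.compile(r"""\$(\w*(?:pass|pwd|user)\w*)\s*=\s*(['"])(.+?)\2""", re.I)
# mysql_connect()/mysqli_connect() called with a string literal as first argument
CONNECT_LITERAL = re.compile(r"""\bmysqli?_connect\s*\(\s*['"]""", re.I)


def audit_docroot(docroot):
    """Return {relative_path: reason} for web-served files that hold credentials."""
    findings = {}
    root = Path(docroot)
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        if not (CRED_ASSIGN.search(text) or CONNECT_LITERAL.search(text)):
            continue
        if path.suffix.lower() in PHP_EXTENSIONS:
            reason = "source shown if the PHP handler fails"
        else:
            reason = "served as plain text (extension not mapped to PHP)"
        findings[path.relative_to(root).as_posix()] = reason
    return findings


def build_sample_tree(base):
    """Constructed sample layout: htdocs/ is web-served, private/ is not."""
    htdocs = Path(base) / "htdocs"
    private = Path(base) / "private"
    htdocs.mkdir()
    private.mkdir()
    (htdocs / "connect.inc").write_text('<?php $user = "web"; $pass = "example-only"; ?>')
    (htdocs / "old.php").write_text('<?php mysql_connect("localhost", "web", "example-only"); ?>')
    (htdocs / "index.php").write_text('<?php require "/srv/private/connect.php"; ?>')
    (private / "connect.php").write_text('<?php $user = "web"; $pass = "example-only"; ?>')
    return htdocs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reason in audit_docroot(build_sample_tree(tmp)).items():
            print(f"{name}: {reason}")
```

Only `index.php` passes: if its source is ever served raw, a visitor sees a `require` line and nothing else, because the credentials live in `private/`, which the web server never serves.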


