At 16:59 -0800 1/27/02, Fred wrote:
>If this file has a .php extension remote users will not have access to the
>variables because the file is parsed by php and they never see the actual
>file contents when requesting the document via the web.  If you are
>concerned with users on localhost having access to the file, simply give it
>the correct permissions so that no one else has read access.

No so easy.  The server itself must have read access.  If other users on
the local host can install scripts that the server executes, any of those
scripts can read the text of your scripts.

What then? You're hosed.

>If you are concerned about web users having access, if, for example, the php
>parser crashed and apache tried to pass the file through without parsing,
>you can put the default server, user and pass variables in the php.ini file
>which is not in the document root for apache.  Of course, this only works if
>all of your scripts use the same server, user and password.
>Duky Yuen <[EMAIL PROTECTED]> wrote in message
>>  How can I secure my username and password? In 1 of my files, it contains
>>  the following:
>>      $conn = mysql_connect( "", "username", "password");
>>      mysql_select_db("database",$conn);
>>  What should I do, so people can't get this information?
>>  Duky
>PHP Database Mailing List (
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to