Michael Geier schrieb:
> PHP Source code is only available on the server, and will never be shown to
> the client (unless you create a tool to allow them to see the source;
> see show_source() );
>
> And you can always put your authentication data (username/passwords) in an
> external include() file
>
> auth.inc:
> <?
> $username = "foo";
> $password = "bar";
> ?>
>
> page.php:
> <?
> include ('[secure directory outside of web tree]/auth.inc');
> mysql_connect("dbname",$username,$password);
> ?>
>
> of course, if you are on a shared-host web server (multiple clients on the
> same server), you are only as secure as the weakest idiot that
> configures/administrates the server, IMHO.
Won't the server ask for authorization if the included PHP script is in an
directory accessible with .htaccess-Authorization?
Oliver
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
