Michael Geier schrieb: > PHP Source code is only available on the server, and will never be shown to > the client (unless you create a tool to allow them to see the source; > see show_source() ); > > And you can always put your authentication data (username/passwords) in an > external include() file > > auth.inc: > <? > $username = "foo"; > $password = "bar"; > ?> > > page.php: > <? > include ('[secure directory outside of web tree]/auth.inc'); > mysql_connect("dbname",$username,$password); > ?> > > of course, if you are on a shared-host web server (multiple clients on the > same server), you are only as secure as the weakest idiot that > configures/administrates the server, IMHO.
Won't the server ask for authorization if the included PHP script is in an directory accessible with .htaccess-Authorization? Oliver -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php