Michael Geier schrieb:

> PHP Source code is only available on the server, and will never be shown to
> the client (unless you create a tool to allow them to see the source;
> see show_source() );
> And you can always put your authentication data (username/passwords) in an
> external include() file
> auth.inc:
> <?
>         $username = "foo";
>         $password = "bar";
> ?>
> page.php:
> <?
>         include ('[secure directory outside of web tree]/auth.inc');
>         mysql_connect("dbname",$username,$password);
> ?>
> of course, if you are on a shared-host web server (multiple clients on the
> same server), you are only as secure as the weakest idiot that
> configures/administrates the server, IMHO.

Won't the server ask for authorization if the included PHP script is in an
directory accessible with .htaccess-Authorization?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to