Thanks everyone for your input. I was just curios since everyone is so
concern about security, yet some messageboards/CMS use passwords for their
databases on the index page or an include.
--
...hG
http://www.helmutgranda.com
Robby Russell [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
: On Thu, 2005-02-17 at 20:47 -0600, .hG wrote:
: While back I read in an article that placing UN and PASSwords in a PHP
was
: not secure. couple of open source programs that I have seen they have
for
: example
:
: $database = ;
: $username = ;
: $password = ;
:
: It makes me wonder how secure in reallity it is to place your UN and
: Passwords on a PHP file.
:
: Thanks for your input
:
:
: Well, what do you suggest we do? We could ask the code you write to
: guess the username and password?
:
: From the web, if you do it right, there is no way to really find out
: what the user/pass is. Don't keep it in your webroot if you can help it
: is a good way to avoid any issues. The only people who should have
: access to the file are you and your webserver process.
:
: if you put a file in your directory called, db.inc.php and it looks like
: so:
:
: ?php
:
: // robbys secret password
: $super_secret_password = noonewillguessthisone;
:
: ?
:
: .. if php is properly configured, this will never be displayed
: at /db.inc.php ... will just show a blank page
:
:
: --
: /***
: * Robby Russell | Owner.Developer.Geek
: * PLANET ARGON | www.planetargon.com
: * Portland, OR | [EMAIL PROTECTED]
: * 503.351.4730 | blog.planetargon.com
: * PHP/PostgreSQL Hosting Development
: * --- Now hosting Ruby on Rails Apps ---
: /
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php