RE: [PHP-DB] Resolution detect and redirect

2001-02-27 Thread Ben - FCP 

Would be a feat indeed if you could get PHP to do this! It does need
Javascript to do (although having returned the result, you could then carry
this forward by setting a variable server side (in php!) that identified the
user and continued to display appropriate page versions).

If you were feeling really clever, you could even go the whole hog and store
these as variables using the session functions of PHP4 (would then mean that
the variable as well as any others you choose to set for the user don't have
to be laboriously carried over each time). Just a thought.

Seriously though,  definitely worth trying http://www.irt.org I would be
very supprised if there wasn't an FAQ specifically about this (its actually
very easy to do in Javascript).

Have fun,

Ben Stoneham
Technical Director - FCP Internet LTD

___

FCP Internet LTD - 'Making the Web Work for You'

70 Smithbrook Kilns, Cranleigh, Surrey, GU6 8JJ, UK.

Tel. 01483 272 303 Fax. 01483 272 303 mail: [EMAIL PROTECTED]

http://www.fcpl.com

___

-Original Message-
From: Joe Brown [mailto:[EMAIL PROTECTED]]
Sent: 27 February 2001 20:46
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Resolution detect and redirect


This feat will require a java script (not appropriate for php/db).

I saw something on a javascript site, perhaps www.webreference.com

gl

""Matthew Cothier"" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Why not just create a table that will resize to any resolution?

 Because I am using different sized images for the different resolutions as
 well as other page thingys.

 And I need the script for other things too.

 So can anyone help?
 _
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.


 --
 PHP Database Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]




--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP-DB] PHP security

2001-02-20 Thread Ben - FCP 

Absolutely correct!

Having said all of this, it is still a bad idea (certainly on UNIX systems,
I can't speak for Micro$oft) to keep passwords embedded in scripts in this
way, particularly if you are running PHP as a CGI process, it is a better
idea to have the appropriate passwords stored as variables inside a separate
script that is then called via and 'include' statement (which should then be
read-only to 'root' if memory server me right -its been a long time since I
ran PHP this way!).

Ben Stoneham
Technical Director - FCP Internet LTD.

___

FCP Internet LTD - 'Making the Web Work for You'

70 Smithbrook Kilns, Cranleigh, Surrey, GU6 8JJ, UK.

Tel. 01483 272 303 Fax. 01483 272 303 mail: [EMAIL PROTECTED]

http://www.fcpl.com

___

This message is confidential; Any unauthorised disclosure, use or
dissemination,

either whole or partial, is prohibited. If you are not the intended
recipient of the message, please notify the sender immediately.

-Original Message-
From: Doug Schasteen [mailto:[EMAIL PROTECTED]]
Sent: 20 February 2001 19:51
To: Don; php-db list
Subject: Re: [PHP-DB] PHP security


As far as I know, you can not download PHP programs without access to
download them. Meaning you need an account on the webserver, so they would
need your account user and pass before they could steal your mysql user and
pass. I don't know how frontpage works, but it would probably have to call
on the server to parse the php script before downloading it. There is no way
to download a PHP script as a "nobody" user without it being parsed by PHP
first.


- Original Message -
From: "Don" [EMAIL PROTECTED]
To: "php-db list" [EMAIL PROTECTED]
Sent: Tuesday, February 20, 2001 1:24 PM
Subject: [PHP-DB] PHP security


 I am writing aome PHP scripts to connect to a MySQL database.  In order
 to connect, I have found the following documented code:

 $dbLink = mysql_connect("localhost", "my_user", "my_password")

 Here, the password is plain text.  This does not seem very secure to
 me.  What is to prevent someone using a program like Frontpage to
 download my web and discover my password?



 --
 PHP Database Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]






--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]