Re: [PHP-DB] Secure database connectivity?

2001-04-20 Thread B. van Ouwerkerk


> file by FTP for example). If you're really paranoid, put the
> username/password outside your htroot into a separate file, say
> passwords.inc and include it into php with
> include('/secure/passwords.inc'), but this isn't really needed, and
> BTW, it won't make the connection method more secure, or insecure.

Perhaps I'm paranoid.. don't think it's bad.

I would recommend putting it outside the htroot.. this will prevent people 
from seeing it if someone screws up the serverconfig..

Another thing I wouldn't call it password.inc.. if someone would gain 
access to your userdir they would first look for something with password or 
passwd in it.. give it an unrelated name..

I must agree that it won't make your PHP script more secure since it's 
parsed. But it's always a good thing to be careful.

Bye,


B.


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
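
Added example, not part of the thread and not code from any poster: one way to load the credentials from the include file outside the htroot that the message above recommends, refusing to use the file if it has ended up inside the web root or is world-readable. The array format of the include file, the function name load_db_credentials and the key names are assumptions made for this sketch, and mysqli is used in place of the thread's mysql_connect(), which was removed in PHP 7.

```php
<?php
// Added example. Assumed layout:
//   $_SERVER['DOCUMENT_ROOT']  -> the web root ("htroot")
//   /secure/passwords.inc      -> path used in the thread, outside the web root
// Assumed content of /secure/passwords.inc (placeholder values):
//   <?php return ['host' => 'localhost', 'user' => 'app',
//                 'pass' => 'CHANGE_ME', 'db' => 'maillist'];

function load_db_credentials(string $file, string $docroot): array
{
    // Resolve symlinks and ".." so the comparison is made on real paths.
    $real = realpath($file);
    $root = realpath($docroot);
    if ($real === false || $root === false) {
        throw new RuntimeException('credentials file or web root not found');
    }
    // Refuse a file that sits inside the web root: a server misconfiguration
    // could then serve it as plain text.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('credentials file is inside the web root');
    }
    // Refuse a file that every local account can read (shared hosting).
    $perms = fileperms($real);
    if ($perms === false || ($perms & 0004) !== 0) {
        throw new RuntimeException('credentials file is world-readable');
    }
    $cred = require $real;   // the include file returns an array
    foreach (['host', 'user', 'pass', 'db'] as $key) {
        if (!is_array($cred) || !isset($cred[$key])) {
            throw new RuntimeException("credentials file lacks '$key'");
        }
    }
    return $cred;
}

try {
    $cred = load_db_credentials('/secure/passwords.inc', $_SERVER['DOCUMENT_ROOT']);
    mysqli_report(MYSQLI_REPORT_OFF);   // report failures via return value
    $db = mysqli_connect($cred['host'], $cred['user'], $cred['pass'], $cred['db']);
    if ($db === false) {
        throw new RuntimeException('connect failed: ' . mysqli_connect_error());
    }
} catch (RuntimeException $e) {
    error_log($e->getMessage());        // details go to the server log only
    http_response_code(500);
    exit('Service unavailable');
}
```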




[PHP-DB] Secure database connectivity?

2001-04-19 Thread Stuart Marlow

Hi people,

I'm setting up a database to collect email addresses on my web site, but I
want to avoid using the insecure connection method:

mysql_connect("host", "user", "pass")

as this obviously displays my username and password to anyone who wants it.

So I need a secure method for PHP to access a MySQL DB - I expect there's a
million different ways of doing it, and I doubt any of them are simple...!

Cheers.






Re: [PHP-DB] Secure database connectivity?

2001-04-19 Thread B. van Ouwerkerk


> So I need a secure method for PHP to access a MySQL DB - I expect there's a
> million different ways of doing it, and I doubt any of them are simple...!

You could start including a file from outside your HTML directory.. so 
Apache can't show it to the world.. but PHP can get it for inclusion..

I don't say this is the most secure way.. but much better than putting them 
all in your HTML directory..

Bye,


B.

