Re: [PHP-DB] Secure database connectivity?
file by FTP for example). If you're really paranoid, put the username/password outside your htroot into a separate file, say passwords.inc and include it into php with include('/secure/passwords.inc'), but this isn't really needed, and BTW, it won't make the connection method more secure, or insecure. Perhaps I'm paranoid.. don't think it's bad. I would recommend putting it outside the htroot.. this will prevent people from seeing it if someone screws up the serverconfig.. Another thing I wouldn't call it password.inc.. if someone would gain access to your userdir they would first look for something with password or passwd in it.. give it an unrelated name.. I must agree that it won't make your PHP script more secure since it's parsed. But it's always a good thing to be carefull. Bye, B. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Secure database connectivity?
Hi people, I'm setting up a database to collect email addresses on my web site, but I want to avoid using the insecure connection method: mysql_connect("host", "user", "pass") as this obviously displays my username and password to anyone who wants it. So I need a secure method for PHP to access a MySQL DB - I expect there's a million different ways of doing it, and I doubt any of them are simple...! Cheers. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Secure database connectivity?
So I need a secure method for PHP to access a MySQL DB - I expect there's a million different ways of doing it, and I doubt any of them are simple...! You could start including a file from outside your HTML directory.. so Apache can't show it to the world.. but PHP can get it for inclusing.. I don't say this is the most secure way.. but much better then putting them all in your HTML directory.. Bye, B. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]