RE: [PHP-DB] How can you hide database login passwd in yourscript?

2001-09-05 Thread Alnisa Allgood
At 6:22 PM +1000 9/5/01, speedboy wrote: $0 option: Put your user ID and password in a config file, then give only the webserver user access to it. Read the config file to make it work. This also allows easy switching between test and production environments. You can't change the

Re: [PHP-DB] How can you hide database login passwd in yourscript?

2001-09-05 Thread Paul Burney
That does not stop another php user fopen'ing your config file. This is a point that needs to be stressed. The other posts about keeping db connection info outside of the web tree and naming the files .php are good ones, but even with them, there can be major security problems on a shared