At 6:22 PM +1000 9/5/01, speedboy wrote:
$0 option:
Put your user ID and password in a config file, then give only the
webserver user access to it. Read the config file to make it work. This
also allows easy switching between test and production environments.
You can't change the
That does not stop another php user fopen'ing your config file.
This is a point that needs to be stressed. The other posts about keeping db
connection info outside of the web tree and naming the files .php are good
ones, but even with them, there can be major security problems on a shared