Re: [PHP-DB] about unsecure connection to mysql
I have a proposal for a solution to this problem. At the moment it is not ready for use but I welcome feedback on the idea. You can read my proposal and download the code from here: http://uranus.it.swin.edu.au/~jn/linux/php/passwords.htm John. Sukanto Kho wrote: Hi all, I've created a file named 'connection'(used to connect to mysql server)... This file connect to mysql server with user=root en password inserted The problem is user name (in this case root) and password appeared in file... so that anyone who get the file may know what the password and user name is... Are there any solution to more secure connection?? Thanks. Nicholas Sk2 -- John Newbigin - Computer Systems Officer School of Information Technology Swinburne University of Technology Melbourne, Australia http://www.it.swin.edu.au/staff/jnewbigin -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] about unsecure connection to mysql
Sukanto Kho wrote: I've created a file named 'connection'(used to connect to mysql server)... This file connect to mysql server with user=root en password inserted The problem is user name (in this case root) and password appeared in file... so that anyone who get the file may know what the password and user name is... Are there any solution to more secure connection?? 1. Put the file outside of your web root 2. Deny access to the file using .htaccess 3. Give the file a .php extension so people will only get the _result_ of the file (which if it just contains variables, the result will be empty). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php