On Monday 28 February 2005 19:33, Simon Rees wrote:
> You said in that post: "Set default MySQL user and password in your
> virtual host container. Then connect to MySQL without specifying user
> and password."
>
> Presumably the file which contains the virtual host directive is
> readable by the
On Monday 28 February 2005 10:52, Jason Wong wrote:
>
> If you don't need the flexibility of the custom program and would rather
> make use of existing infrastructure:
>
> http://marc.theaimsgroup.com/?l=php-general&m=110137778213700&w=2
You said in that post: "Set default MySQL user and password i
On Monday 28 February 2005 18:44, Simon Rees wrote:
> On Sunday 27 February 2005 20:53, Micah Stevens wrote:
> > I think about as safe as you can get is by putting the connection
> > data out of the served directory, somewhere that's not directly
> > accessable, and concentrate on system integrity.
On Sunday 27 February 2005 20:53, Micah Stevens wrote:
> I think about as safe as you can get is by putting the connection data
> out of the served directory, somewhere that's not directly accessable,
> and concentrate on system integrity. (security wise)
A refinement of this technique is availab
>
> The original question was concerning that if someone somehow had access to
> the file which stored the connections details then they would be able to
> use it to connect to the mysql server. Now if someone somehow had access
> to your key then it's game over for you. Unless you password prot
On Sunday 27 February 2005 07:11, Micah Stevens wrote:
> Well, yes, but as my key is never transmitted from client to server,
> it's safer. ;)
>
> I encrypt a connect request with my private key, which is can be
> unencrypted by the public key, but the server knows it's me because
> only the privat
Well, yes, but as my key is never transmitted from client to server, it's
safer. ;)
I encrypt a connect request with my private key, which is can be unencrypted
by the public key, but the server knows it's me because only the private key
can make the encryption. The message is sent over the ne
On Saturday 26 February 2005 04:16, Micah Stevens wrote:
> I was just thinking that a better way to do this is with a
> public/private key set. Then it would be secure, but as someone else
> mentioned, you'd have to patch the source to make it work.
How would it be safer? Correct me if I'm wrong:
.
>
> Good luck,
>
> Bob Sherer
>
> -Original Message-
> From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 24, 2005 10:54 AM
> To: Gael Lams
> Cc: php-db@lists.php.net
> Subject: Re: [PHP-DB] password in md5 to connect to mysql
y, February 24, 2005 10:54 AM
To: Gael Lams
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of
clear password
On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote:
> Hi all
>
> I use the classic following rows
[never made it to list, no idea why - been 26 hours - resending.]
[ may have been since it had reply-to field before to - funny...]
Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder wheth
I was just thinking that a better way to do this is with a public/private key
set. Then it would be secure, but as someone else mentioned, you'd have to
patch the source to make it work.
-Micah
On Friday 25 February 2005 07:29 am, Robby Russell wrote:
> On Thu, 2005-02-24 at 02:37 -0800, Ga
On Thu, 2005-02-24 at 02:37 -0800, Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $passsword in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use
Not answering your question but I'd put the connect info into a separate
include file. This should then be placed in a directory that can be
accessed by the Web Server but not by any other user (except root). Then
when you need to establish a connection you just need to include the file.
graeme
Nope, the login function uses cleartext. Put your connect function in a
seperate file in a secure directory, and include() it to make the connection.
That seems to be the way to do it, someone else may have a better idea.
-Micah
On Thursday 24 February 2005 02:37 am, Gael Lams wrote:
> Hi al
Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find
On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $passsword in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone readi
17 matches
Mail list logo