--- anders thoresson [EMAIL PROTECTED] wrote:
In the ini-files for my php-projects, I store various settings.
Two of them is username and password for my mysql-connections.
Is it safe to load these two into session variables when a user logs
in to my application?
For the most part, yes,
For the most part, yes, it is fine. Because session variables are
maintained on the server, many risks are not a concern.
Ok. So it's more or less safe, at least as long as the server is locked
down. But someone, on this list or somewhere else, I don't remember,
pointed out that if my site gets
--- anders thoresson [EMAIL PROTECTED] wrote:
For the most part, yes, it is fine. Because session variables are
maintained on the server, many risks are not a concern.
Ok. So it's more or less safe, at least as long as the server is
locked down. But someone, on this list or somewhere else,
David Sklar and Adam Trachtenberg (two smart guys who authored the PHP
Cookbook) suggest storing this information in the Web server's
environment.
Guess we are talking about recipe 8.20 and 8.21?
I'm on a SunOS shared server. Should I add SetEnv DB_PASS password to
the .htaccess file in my
On Tuesday, November 25, 2003, at 06:25 AM, anders thoresson wrote:
For the most part, yes, it is fine. Because session variables are
maintained on the server, many risks are not a concern.
Ok. So it's more or less safe, at least as long as the server is
locked down. But someone, on this list
Hi,
In the ini-files for my php-projects, I store various settings. Two of
them is username and password for my mysql-connections.
Is it safe to load these two into session variables when a user logs in
to my application? Or is it better to access the ini-file each time a
mysql-connection
On Monday, November 24, 2003, at 01:54 AM, anders thoresson wrote:
Is it safe to load these two into session variables when a user logs
in to my application? Or is it better to access the ini-file each time
a mysql-connection is needed?
I include the file with unames and passwords as needed.
7 matches
Mail list logo