Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-24 Thread Chris Shiflett
--- anders thoresson [EMAIL PROTECTED] wrote: In the ini-files for my php-projects, I store various settings. Two of them is username and password for my mysql-connections. Is it safe to load these two into session variables when a user logs in to my application? For the most part, yes,

Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-24 Thread anders thoresson
For the most part, yes, it is fine. Because session variables are maintained on the server, many risks are not a concern. Ok. So it's more or less safe, at least as long as the server is locked down. But someone, on this list or somewhere else, I don't remember, pointed out that if my site gets

Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-24 Thread Chris Shiflett
--- anders thoresson [EMAIL PROTECTED] wrote: For the most part, yes, it is fine. Because session variables are maintained on the server, many risks are not a concern. Ok. So it's more or less safe, at least as long as the server is locked down. But someone, on this list or somewhere else,

Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-24 Thread anders thoresson
David Sklar and Adam Trachtenberg (two smart guys who authored the PHP Cookbook) suggest storing this information in the Web server's environment. Guess we are talking about recipe 8.20 and 8.21? I'm on a SunOS shared server. Should I add SetEnv DB_PASS password to the .htaccess file in my

Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-24 Thread Justin French
On Tuesday, November 25, 2003, at 06:25 AM, anders thoresson wrote: For the most part, yes, it is fine. Because session variables are maintained on the server, many risks are not a concern. Ok. So it's more or less safe, at least as long as the server is locked down. But someone, on this list

[PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-23 Thread anders thoresson
Hi, In the ini-files for my php-projects, I store various settings. Two of them is username and password for my mysql-connections. Is it safe to load these two into session variables when a user logs in to my application? Or is it better to access the ini-file each time a mysql-connection

Re: [PHP] is it safe to store username and password for mysql connection in session variables?

2003-11-23 Thread Justin French
On Monday, November 24, 2003, at 01:54 AM, anders thoresson wrote: Is it safe to load these two into session variables when a user logs in to my application? Or is it better to access the ini-file each time a mysql-connection is needed? I include the file with unames and passwords as needed.