Re: [PHP] PHP and passwords

2002-03-06 Thread John English
William Lovaton wrote: > > If you use just and .inc file any user with a browser can hit in the > URL: http://www.site.com/connect.inc and see what is inside. ...unless you keep your include directory outside the web tree (which is what I always do). That way the files can only be accessed by an

Re: [PHP] PHP and passwords

2002-03-01 Thread Rasmus Lerdorf
No, that is not a good idea. It is potentially much worse to allow people to execute include files out of context than to merely let them see them. The correct way to handle this is to either put your include files outside the document_root, or add an Apache rule to block any direct access to .in

Re: [PHP] PHP and passwords

2002-03-01 Thread William Lovaton
If you use just and .inc file any user with a browser can hit in the URL: http://www.site.com/connect.inc and see what is inside. So, de recomendation is: Use a .php extension: connect.inc.php William El jue, 28-02-2002 a las 14:16, Sam Masiello escribió: > > What you could do is have a sc

Re: [PHP] PHP and passwords

2002-02-28 Thread Sam Masiello
t: Thursday, February 28, 2002 4:59 AM Subject: [PHP] PHP and passwords > Is there a way to connect to your database using php without hard coding > a password into the php file? We run PostgreSQL 7.1 on a Linux 7.2 > server with the latest version of apache. I don't want to chan

[PHP] PHP and passwords

2002-02-28 Thread webmaster
Is there a way to connect to your database using php without hard coding a password into the php file? We run PostgreSQL 7.1 on a Linux 7.2 server with the latest version of apache. I don't want to change the authentication within Postgres to not require a password. But I also, for security rea