Re: [PHP] PHP and passwords
William Lovaton wrote:
>
> If you use just an .inc file any user with a browser can hit in the
> URL: http://www.site.com/connect.inc and see what is inside.

...unless you keep your include directory outside the web tree (which is
what I always do). That way the files can only be accessed by an
include/require from a PHP script inside the web tree.

-
John English              | mailto:[EMAIL PROTECTED]
Senior Lecturer           | http://www.it.bton.ac.uk/staff/je
Dept. of Computing        | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton    |    -- see http://burks.bton.ac.uk
-

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP and passwords
No, that is not a good idea. It is potentially much worse to allow people
to execute include files out of context than to merely let them see them.
The correct way to handle this is to either put your include files outside
the document_root, or add an Apache rule to block any direct access to
.inc files.

-Rasmus

On 1 Mar 2002, William Lovaton wrote:
> If you use just an .inc file any user with a browser can hit in the
> URL: http://www.site.com/connect.inc and see what is inside.
>
> So, the recommendation is:
>
> Use a .php extension: connect.inc.php
>
>
> William
>
>
> On Thu, 28-02-2002 at 14:16, Sam Masiello wrote:
> >
> > What you could do is have a script called connect.inc which has your
> > pg_pconnect statement, then use the "include" directive to include your
> > connect.inc on all of your subsequent PHP pages. This way you only have the
> > username/password hard coded in one location so if the username/password
> > were to change, you only have to change one script instead of changing many.
> >
> > HTH
> >
> > Sam Masiello
> > Software Quality Assurance Engineer
> > Synacor
> > (716) 853-1362 X289
> > [EMAIL PROTECTED]

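
The two exposures discussed in this thread, as an added example that is not part of any poster's message: a check that walks a document root and reports include files reachable by URL, labelling `.inc` files as source disclosure and `.inc.php` files as directly executable out of context. The function names, the constructed sample tree, and the assumptions that only `.php` is handed to the interpreter and that no Apache rule already blocks `.inc` belong to this example.

```python
import os
import tempfile

# Assumption: only .php is mapped to the PHP interpreter and no server rule
# blocks direct requests for .inc files.
EXECUTED_EXTENSIONS = {".php"}


def audit_includes(document_root):
    """Return {relative_path: risk} for include files reachable by URL."""
    findings = {}
    root = os.path.realpath(document_root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            if ext != ".inc" and not stem.endswith(".inc"):
                continue  # not named like an include file
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if ext in EXECUTED_EXTENSIONS:
                # connect.inc.php: source is hidden, but the file runs when
                # requested directly, outside the page meant to include it.
                findings[rel] = "direct-execution"
            else:
                # connect.inc: returned as plain text, credentials and all.
                findings[rel] = "source-disclosure"
    return findings


def build_sample_tree(base):
    """Constructed sample site: two include files in the web tree, one outside."""
    connect = "<?php $db = pg_pconnect('dbname=app password=PLACEHOLDER'); ?>"
    layout = {
        "htdocs/index.php": "<?php require '../include/connect.inc'; ?>",
        "htdocs/connect.inc": connect,
        "htdocs/lib/connect.inc.php": connect,
        "include/connect.inc": connect,  # outside the web tree: not reported
    }
    for rel, body in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(base, "htdocs")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, risk in sorted(audit_includes(build_sample_tree(tmp)).items()):
            print(f"{risk:18} {path}")
```

An empty result means every include file sits outside the document root, which is the layout John English and Rasmus recommend.
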
Re: [PHP] PHP and passwords
If you use just an .inc file any user with a browser can hit in the
URL: http://www.site.com/connect.inc and see what is inside.

So, the recommendation is:

Use a .php extension: connect.inc.php


William


On Thu, 28-02-2002 at 14:16, Sam Masiello wrote:
>
> What you could do is have a script called connect.inc which has your
> pg_pconnect statement, then use the "include" directive to include your
> connect.inc on all of your subsequent PHP pages. This way you only have the
> username/password hard coded in one location so if the username/password
> were to change, you only have to change one script instead of changing many.
>
> HTH
>
> Sam Masiello
> Software Quality Assurance Engineer
> Synacor
> (716) 853-1362 X289
> [EMAIL PROTECTED]

Re: [PHP] PHP and passwords
What you could do is have a script called connect.inc which has your
pg_pconnect statement, then use the "include" directive to include your
connect.inc on all of your subsequent PHP pages. This way you only have the
username/password hard coded in one location so if the username/password
were to change, you only have to change one script instead of changing many.

HTH

Sam Masiello
Software Quality Assurance Engineer
Synacor
(716) 853-1362 X289
[EMAIL PROTECTED]

- Original Message -
From: "webmaster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 28, 2002 4:59 AM
Subject: [PHP] PHP and passwords

> Is there a way to connect to your database using php without hard coding
> a password into the php file? We run PostgreSQL 7.1 on a Linux 7.2
> server with the latest version of apache. I don't want to change the
> authentication within Postgres to not require a password. But I also,
> for security reasons, don't want to have passwords coded into the php
> scripts for accessing the database. I'm very new to php, but very
> excited about what I've learned so far. Any help would be appreciated.
>
> thanks,
>
> Elkan