I had the same problem. My friend hosted with indialinks or some other Co in
Goregoun/ Malad I think, and i bought that to their notice. But that guy
simply
ignored me. As far as i know, you need to have a didicated server for your
work.
I dont know of any other way, except ofcourse, you enter the password as
part
of a http POST. But then all your end users will also have to know the
passwd.
This is an interesting topic.
-----Original Message-----
From: ranjeet walunj <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, December 08, 1999 7:54 AM
Subject: [ILUG-BOM] security help :PHP +MySQL
>hi guys
>is there ne programmer in php+mysql ?
>bcuz in php we get connected to mysqld with the strings like
><?
>$hostname="urhostname";
>$username="username";
>$passwd="urpasswd";
>
>MYSQL_CONNECT($hostname,$username,$passwd);
>?>
>
>now my problem is this .php3/.phtml file is world readable
>evn if the directory in which it is placed is not having r/w access on
>webserver
>but ne 1 who is having telnet access (in case of webserver the other guys
>who r hosting on the same server)
>can copy the file without getting ne problem...thus he can get the
database
>passwd (which is very critical)
>i've tried that n i could successfully get passwd for many sites(i mean the
>DB passwd) on my server which r running php scripts
>
>will ne 1 working on securing weserver help me out plz....
>or is there ne diff way of defining username+passwd in php script?
>can external exec file EXPORT these variables ?how to get them in php
script
>working?
>expecting a reply from u guys
>ranjeet
>
>______________________________________________
>FREE Personalized Email at Mail.com
>Sign up at http://www.mail.com?sr=mc.mk.mcm.tag001
>
>To subscribe / unsubscribe goto the site www.ilug-bom.org ., click on the
mailing list button and fill the appropriate information
>and submit. For any other queries contact the ML maintener
>
>
To subscribe / unsubscribe goto the site www.ilug-bom.org ., click on the mailing list
button and fill the appropriate information
and submit. For any other queries contact the ML maintener
