RE: Password security

Mon, 30 Apr 2001 08:05:37 -0700 

Put it in an include file, like..

        dbconnect.inc

Then add this to your httpd.conf file:

<Files ~ "\.inc$">
        Order allow,deny
        Deny from all
</Files>

keeps people from downloading your .inc files.

And also, make the .inc file readable only by the web server
and no one else.

Cheers.

---------------------
Johnny Withers
[EMAIL PROTECTED]
p. 601.853.0211
c. 601.209.4985


-----Original Message-----
From: oltra jean-michel [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 30, 2001 10:03 AM
To: Philippe Louis Houze
Cc: [EMAIL PROTECTED]
Subject: Re: Password security


On Sun, 29 Apr 2001, Philippe Louis Houze wrote:

> Date: Sun, 29 Apr 2001 10:56:52 -0400
> From: Philippe Louis Houze <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Password security
>
> Hi,
>
> How do you keep MySQL password out of view of "visitors" when needed in PHP to 
>access the db. The password is in plain english in
all the php files, and can be easily downloaded by anyone.
>
> Philippe
>
> ex:
>
> <? mysql_connect("host", "user", "password");
>  mysql_select_db("database");
> ?>
<?
include("variables.php3");
$link = mysql_connect($db_server,$db_login,$db_password);
mysql_select_db($db,$link);
?>

and in variables.php3 file
<?
$db_server = "host";
$db_login = "user";
$db_password = "mypassword";
$db = "database";
?>

and protect include-directory with .htaccess
--
jean-michel


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php



---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to