Put it in an include file, like..
dbconnect.inc
Then add this to your httpd.conf file:
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>
keeps people from downloading your .inc files.
And also, make the .inc file readable only by the web server
and no one else.
Cheers.
---------------------
Johnny Withers
[EMAIL PROTECTED]
p. 601.853.0211
c. 601.209.4985
-----Original Message-----
From: oltra jean-michel [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 30, 2001 10:03 AM
To: Philippe Louis Houze
Cc: [EMAIL PROTECTED]
Subject: Re: Password security
On Sun, 29 Apr 2001, Philippe Louis Houze wrote:
> Date: Sun, 29 Apr 2001 10:56:52 -0400
> From: Philippe Louis Houze <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Password security
>
> Hi,
>
> How do you keep MySQL password out of view of "visitors" when needed in PHP to
>access the db. The password is in plain english in
all the php files, and can be easily downloaded by anyone.
>
> Philippe
>
> ex:
>
> <? mysql_connect("host", "user", "password");
> mysql_select_db("database");
> ?>
<?
include("variables.php3");
$link = mysql_connect($db_server,$db_login,$db_password);
mysql_select_db($db,$link);
?>
and in variables.php3 file
<?
$db_server = "host";
$db_login = "user";
$db_password = "mypassword";
$db = "database";
?>
and protect include-directory with .htaccess
--
jean-michel
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php