Actually you are only exposed if you have not set up Apache to run with
virtual hosts. It is not difficult to configure Apache so that a person
can only see the scripts that are in his/her directory, and is prevented
from seeing or modifying the scripts in other people's directories. Also,
it is wise to place your DB passwords in a separate small file, and then
include the file in all your scripts. You can place the password file in a
directory that doesn't have any accessibility from anyone on the
web. Let's say we have a password file called "dbpass.inc", and we place
it in a directory called "/var/protected" off the root. Only the webserver
is set to have permission to access this directory. The password file
should look something like this:
<?php
// Database credentials, kept outside the web root
$username = "username";
$password = "password";
?>
Then in all your scripts include the following line:
include('/var/protected/dbpass.inc');
-Ken
At 08:02 PM 6/5/01 -0500, Paul DuBois wrote:
>At 10:37 PM +0100 6/5/01, Jorge Oliveira wrote:
>>Hi again,
>>
>>You are right, your username and password will have to be on every PHP
>>script that needs to use database.
>>
>>However, you don't have to be afraid because nobody can access the source of
>>your PHP scripts - unless they are a good hacker!
>
>Actually, anyone else on the Web server host that has permission to
>install scripts for the Web server can access the source.
>
>I couldn't tell from the original message whether the Web server is
>shared with other people or not, but if you don't have your own
>server, you're exposed.
>
>>
>>I think you should pay a visit to http://www.php.net to understand how PHP
>>works. Start with the basics and you will see that it is really VERY simple.
>>
>>Be cool,
>>
>>
>>Jorge Oliveira
>>[EMAIL PROTECTED]
>>
>>----------------------------------------
>>© webfroggie.com - Recursos Online!
>>web: http://www.webfroggie.com
>>wap: http://www.webfroggie.com
>
>
>--
>Paul DuBois, [EMAIL PROTECTED]
>
>---------------------------------------------------------------------
>Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
>To request this thread, e-mail <[EMAIL PROTECTED]>
>To unsubscribe, e-mail
><[EMAIL PROTECTED]>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
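An added example, not part of the original messages: a shell check that a credentials file such as the dbpass.inc described above sits outside the document root and grants nothing to "other". The function name audit_dbpass and its two arguments are assumptions made for this sketch; it checks URL exposure and mode bits only, not what scripts running as the web server user can read, which is the shared-host case raised in the quoted reply.

```shell
#!/bin/sh
# audit_dbpass FILE DOCROOT (hypothetical helper)
# Prints one finding per line; returns 1 if there is any finding.

# Resolve a directory to its physical path (symlinks followed).
phys_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# "Other" permission triplet as shown by ls -ld, e.g. "r-x" or "---".
other_bits() { ls -ld -- "$1" | cut -c8-10; }

audit_dbpass() {
    file=$1 docroot=$2 rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    dir=$(phys_dir "$(dirname "$file")") || { echo "unresolvable: $file"; return 1; }
    root=$(phys_dir "$docroot") || { echo "unresolvable: $docroot"; return 1; }

    # 1. The file must not be reachable by URL: its directory may not be
    #    the document root or anything below it.
    case "$dir/" in
        "$root"/*) echo "inside docroot: $dir"; rc=1 ;;
    esac

    # 2. Neither the file nor its directory may grant anything to "other".
    for p in "$file" "$dir"; do
        bits=$(other_bits "$p")
        [ "$bits" = "---" ] || { echo "world-accessible ($bits): $p"; rc=1; }
    done
    return $rc
}
```

Typical use: `audit_dbpass /var/protected/dbpass.inc /var/www`, where /var/www stands in for whatever DocumentRoot the server actually uses.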