On Wed, 6 Jun 2001, Ian Ford wrote:
> Name your config file config.inc and if any of the below situations
> happen your password and username will not show up in plain text for the
> casual browser.
> (EXAMPLE:
>
> CONFIG.INC
> <?
> $DBname = 'test';
> $DBuser = 'imatest';
> $DBpass = 'Whatever';
> $DBhost = 'localhost';
> ?>
>
> INDEX.PHP
> <?
> require("config.inc");
> $conn = mysql_connect($DBhost,$DBuser,$DBpass);
> mysql_select_db($DBname);
> ?>
>
> END EXAMPLE)
> You can place the config.inc any where you want. My preference is in a
> includes folder...
The config.inc file should still be placed outside of the document root
to guard against the security risks I described. If not then there is
nothing preventing the user from entering the full URL to config.inc.
Neil
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php