Store the connection strings in an include file preferably outside the wed root. You can include files with a fully resolved path, or using the php include_path variable if you have access to the configuration. Alternately, if you don't have access to directories outside the webroot, put the
patrick gibson wrote: > I'm new to PHP, and I have a question regarding the storage of connection > properties to the database. I have a site on a shared (Unix) server. I'm > adding some PHP to a section which will be database-driven. I'm concerned > about storing the username and password to my database (some of the data > contained within this database is sensitive) in my PHP files which are > readable by the webserver, and thus by anyone on the system. > > Is there a recommended strategy for keeping my database username and > password in a secure location so that no other user can access the files? > Any help would be greatly appreciated. > > Thanks very much, > > Patrick > > ---| patrick gibson |---------------+ > email: email @ patrickg.com > url: http://patrickgibson.com/ > ------------------------------------+ > > -- "Out beyond the ideas of wrong-doing and right-doing there is a field. I'll meet you there." -Rumi *>>>>---------------->>>>(O)<<<<--------------------<<<<* [EMAIL PROTECTED] *** under construction *** http://centralcoasthealing.net Healing Resources on the Central Coast http://kornsnake.com Internet Development -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]