> Store the connection strings in an include file preferably outside the > wed root. You can include files with a fully resolved path, or using the > php include_path variable if you have access to the configuration. > Alternately, if you don't have access to directories outside the > webroot, put the
That would be slightly more secure, but still not foolproof. Where-ever the file is, it has to ultimately be accessible by the webserver. Any user on the system will either have access to that folder through the shell or through the webserver via their own script. I guess there's not really any great way of protecting database connection information on a shared server? Patrick ---| patrick gibson |---------------+ email: email @ patrickg.com url: http://patrickgibson.com/ ------------------------------------+ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
