----- Original Message -----
From: "Jon Haworth" <[EMAIL PROTECTED]>
To: "Dan Joseph" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, April 04, 2003 12:19 PM
Subject: RE: [PHP] Opinion on a method....
> Hi Dan,
>
> > I would like to get some opinions here on a method I'm doing
> > to grab connect information for a mysql connection. Currently
> > I am doing:
> > $pinfo = fopen ("/director1/directory2/filename.ini","r");
>
> Does this filename.ini contain the code to connect to your database? If
so,
> I usually do two things with this file:
>
> 1. put it outside the document root, so users can't browse to it
> 2. put any code that might output something (an error message, for
example)
> inside a function, so even if it is run, nothing will happen - you need to
> include() it and then call the function yourself.
>
> If it's just connection information, with no code (I'm a bit confused by
the
> .ini extension :-) then just make sure it's somewhere outside your
document
> root.
>
> > Is XML a solution?
>
> I don't think XML is inherently any more secure than plain text - it's all
> down to how you store and transmit the data.
>
> Cheers
> Jon
I will add in this case that include() is going to be no less secure than
fopen(), plus it's going to be a whole hell of a lot easier.
- Kevin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
