> I need to store username and password for mysql in a file to be used by PHP.
> I am concerned with PHP's security. Can anyone use showsource() to read php
> source even if they are on a different server or they are spoofing my ip
> address (hacking)?
No, of course not.
> If I put a file with the secure data in a directory outside the root
> directory and include it in a PHP script, could someone use echo or
> showsource() to view the file content making the data insecure?
Are you on a shared server? ie. Do other people have access to your
server? If so, it is somewhat difficult to guarantee security on
something like this unless you have your own Apache instance running as
your own user id. If you are not on a shared server you don't need to
worry about PHP's security.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
