[PHP] RE: [PHP-DB] [PHP] PHP and MYSQL Security`

2002-01-27 Thread Gurhan Ozen 

The actual content of the .php files won't be seen from the net since it is
server side scripting language.. But if you are still concerned you can put
database connection info into another file (preferably .php file) and place
it somewhere outside your web directory and access it thru require() or
include() functions inside your actual web page.
  But if your concern is for local users' access to those file , just set
your file/directory permissions accordingly.

Gurhan

-Original Message-
From: Duky Yuen [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 27, 2002 7:38 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP-DB] [PHP] PHP and MYSQL Security`


How can I secure my username and password? In 1 of my files, it contains
the following:

$conn = mysql_connect( "12.34.56.78", "username", "password");
mysql_select_db("database",$conn);

What should I do, so people can't get this information?

Duky


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Re: [PHP-DB] [PHP] PHP and MYSQL Security`

2002-01-27 Thread Miles Thompson 


For a start, please don't cross-post.

Secondly, people don't see these files because the PHP engine parses them. 
However, you could remove each of the parameters to an include file outside 
the web tree and have PHP read it.

Set the include_path in php.ini

Thus in a file named parameters.inc you can have these lines:

$hostname = "12.34.56.78";
$user = "username";
$password = "password";
$dbname = "database";

and change your connection string as follows:
  include 'params.inc';
 //maybe some other stuff her
 $conn = mysql_connect( '$hostname', '$user', '$password');
 mysql_select_db('$dbname',$conn) or die( mysql_errno()." : 
".mysql_error());

There has been a lot of discussion on this topic, even within the past ten 
days, so a search of the archives will give you the full discussion.

Regards - Miles Thompson

At 01:37 AM 1/28/2002 +0100, Duky Yuen wrote:
>How can I secure my username and password? In 1 of my files, it contains
>the following:
>
> $conn = mysql_connect( "12.34.56.78", "username", "password");
> mysql_select_db("database",$conn);
>
>What should I do, so people can't get this information?
>
>Duky
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]