ID: 14564 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Feature/Change Request Operating System: Windows NT 4/SQL Server 7 PHP Version: 4.1.0 New Comment:
This would be great, as i too think it is a potential security risk to have usernames and passwords in the source-code. But instead of keeping it in MS-SQL functions i suggest it is also available for ODBC connections. Just another small suggestion i thought of; maybe it's a good idea to implement a second (form of) [dbtype]_connect() function, which will accept something like an ODBC Connection String. This way it would be possible to either use the following: 1. DSN connection with specified user & password 2. DSN connection with trusted connection to db-server 3. DSN-less connection with connection string The only way it is available now is by using the COM functionality. Which is OK if you want to go that way, but that does mean rewriting a lot of code if there is no db-abstraction layer in use. Previous Comments: ------------------------------------------------------------------------ [2001-12-17 11:27:14] [EMAIL PROTECTED] Making this a feature request ------------------------------------------------------------------------ [2001-12-17 11:12:07] [EMAIL PROTECTED] I consider the inclusion of database usernames and passwords in scripts to be a security risk. In a Windows environment it is possible to access SQL Server via a trusted connection. This uses the context of the current logged in user. Furthermore it is possible to configure IIS and presumably Apache to use a particular user account to service requests. It is therefore possible (for example under ASP) to open a database connection without specifying a username or password in the script because the context of the current user account has permission to access the SQL Server. I would be happy if this functionality could be implmented in the MS SQL Server extension. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=14564&edit=1
