On Thu, 2005-02-17 at 20:47 -0600, .....hG wrote: > While back I read in an article that placing UN and PASSwords in a PHP was > not secure. couple of open source programs that I have seen they have for > example > > $database = ####; > $username = $$$$; > $password = ####; > > It makes me wonder how secure in reallity it is to place your UN and > Passwords on a PHP file. > > Thanks for your input > Well, what do you suggest we do? We could ask the code you write to guess the username and password? >From the web, if you do it right, there is no way to really find out what the user/pass is. Don't keep it in your webroot if you can help it is a good way to avoid any issues. The only people who should have access to the file are you and your webserver process. if you put a file in your directory called, db.inc.php and it looks like so: <?php // robbys secret password $super_secret_password = "noonewillguessthisone"; ?> .. if php is properly configured, this will never be displayed at /db.inc.php ... will just show a blank page -- /*************************************** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | robby@xxxxxxxxxxxxxxx * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting & Development * --- Now hosting Ruby on Rails Apps --- ****************************************/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
