Thanks everyone for your input. I was just curios since everyone is so concern about security, yet some messageboards/CMS use passwords for their databases on the index page or an include. -- ...hG http://www.helmutgranda.com "Robby Russell" <robby@xxxxxxxxxxxxxxx> wrote in message news:1108699420.5381.7.camel@xxxxxxxx : On Thu, 2005-02-17 at 20:47 -0600, .....hG wrote: : > While back I read in an article that placing UN and PASSwords in a PHP was : > not secure. couple of open source programs that I have seen they have for : > example : > : > $database = ####; : > $username = $$$$; : > $password = ####; : > : > It makes me wonder how secure in reallity it is to place your UN and : > Passwords on a PHP file. : > : > Thanks for your input : > : : Well, what do you suggest we do? We could ask the code you write to : guess the username and password? : : >From the web, if you do it right, there is no way to really find out : what the user/pass is. Don't keep it in your webroot if you can help it : is a good way to avoid any issues. The only people who should have : access to the file are you and your webserver process. : : if you put a file in your directory called, db.inc.php and it looks like : so: : : <?php : : // robbys secret password : $super_secret_password = "noonewillguessthisone"; : : ?> : : .. if php is properly configured, this will never be displayed : at /db.inc.php ... will just show a blank page : : : -- : /*************************************** : * Robby Russell | Owner.Developer.Geek : * PLANET ARGON | www.planetargon.com : * Portland, OR | robby@xxxxxxxxxxxxxxx : * 503.351.4730 | blog.planetargon.com : * PHP/PostgreSQL Hosting & Development : * --- Now hosting Ruby on Rails Apps --- : ****************************************/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
