In my current hosting situation I don't have the ability to store my file
that contains MySQL userids/passwords in a subdirectory that is not under
the server root. In order to protect it from being included from a foreign
host I thought up this scheme of using the php_uname function to check that
it is running on the correct host. Does this look reasonably secure? I am
not hosting any kind of store, or terribly sensitive data - it will only be
a bulletin board.
This is the format of my datadef.php file which will be included in my php
scripts that access the MySQL database.
<?php
$host = php_uname('n');
if (($host == 'devhost') || ($host == 'prodhost'))
{
define ('DB_USER', 'username');
define ('DB_PASSWORD', 'password');
define ('DB_HOST', 'localhost');
define ('DB_NAME', 'dbname');
}
else
{
exit();
}
?>
Thanks for your comments,
Lawrence Kennon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
