I'm not sure if there's a way around this, though there's a few simple
precautions you can take. You can put a function that returns the resource
in an include file outside of the public html folders, which helps a
little bit. It's also always good to give the least permission possible
and to only allow connections from localhost.
Now I know this isn't exactly what you asked, but someone will probably
come along shortly and offer something more in line.
Ben
On Fri, 04 Nov 2005 15:36:47 -0500, "Bing Du" <du_bing@xxxxxxxxxxx> wrote:
Hello,
Some functions need you to provide username and password, for instance
odbc_connect. Even though the username/password just has minimum access
privileges to the resource, putting it there in clear text in a script
gives
me heartburn. How do people handle username/password in such kind of
cases?
I'm sure there must be some way to store critical information in some
encrypted format but it's still readable to scripts for authentication
purpose. But don't know how. Any ideas or pointer would be greatly
appreciated.
Bing
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
