On 03 Oct 2006, at 12:40 , Deckard wrote:
Richard Lynch wrote:
First, you're scaring the [bleep] out of me from a security
standpoint
writing mysql passwords into files...
It's not that unusual.
It might not be unusual, but it's not that bright.
It's a matter of securing the web server.
There are better ways to go. My solution (which is not a great one,
but better, at least) is to put the database login info into a
separate file named something like .htdbpass.
require('.htdbpass');
This way, at least, apache is pre-build to never allow access to the
file, since it blocks all accesses to .ht*
And yeah, a key is better, but I've not gotten that far.
--
Critics look at actresses one of two ways: you're either bankable or
boinkable.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
