Re: Remote MySQL connection via PHP file

On Fri, December 1, 2006 12:17 pm, Scott wrote:
> I've been searching around for a while, but cannot find a solution.
> For a project of mine, I need to keep the connection information to a
> MySQL server database on another server.
>
> Example remote file:
>
> <?php
> $user = "joe";
> $pass = "1234";
> ?>
>
> Example local file:
>
> <?php
> include "http://www.remoteserver.com/remote_file.php";
> // Use variables $user and $pass somehow...
> ?>
>
> I've tried including the file which has the username/pass, etc
> information via HTTP, but this doesn't seem to work.

It would work if your script on the other end wasn't a PHP script, but
was plaintext which output the PHP source you want.

BEFORE (you did)                  AFTER (you should do)
[php source]                      [php source]
<?php                             <?php $php = "<?php
$user = "joe";                    \$user = \"joe\";
$pass = "1234";                   \$pass = \"1234\";
?>                                ?>";
                                  echo $php;
                                  ?>

The difference being that one executes the PHP on the remote server,
and outputs nothing, and the other composes PHP source to be output,
which is then 'include'd on the local server and executed there.

Obligatory Security Notes:

You're opening up a giant can of worms in security here.

If you're not doing this over SSL, a code injection attack is pretty
easy.

Plus, anybody who can surf to the remote machine will be seeing your
password as output.

You really need to think deep about whether you really want to do
this, and why, and all the security implications.

Start reading here:
http://phpsec.org

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
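
The security notes in the reply above point at two risks: executing whatever the remote host returns, and exposing the password to anyone who can request the file. The following is an added example, not code from the original post: it fetches the settings as JSON data over verified HTTPS and validates them instead of passing them to `include`. The URL, bearer token and JSON field names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. URL, bearer token and JSON field names are hypothetical.
// Needs allow_url_fopen for the fetch, but never allow_url_include.

/** Fetch the raw body over HTTPS with certificate checks enforced. */
function fetch_config_body(string $url, string $token): string
{
    if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
        throw new InvalidArgumentException('config URL must use https');
    }
    $ctx = stream_context_create([
        'http' => ['header' => "Authorization: Bearer $token\r\n",
                   'timeout' => 5, 'follow_location' => 0],
        'ssl'  => ['verify_peer' => true, 'verify_peer_name' => true],
    ]);
    $body = file_get_contents($url, false, $ctx);
    if ($body === false) {
        throw new RuntimeException('config fetch failed');
    }
    return $body;
}

/** Parse the body as JSON; accept only non-empty string user/pass fields. */
function parse_db_config(string $body): array
{
    $data = json_decode($body, true, 4, JSON_THROW_ON_ERROR);
    foreach (['user', 'pass'] as $key) {
        if (!is_array($data) || !is_string($data[$key] ?? null) || $data[$key] === '') {
            throw new UnexpectedValueException("missing or invalid field: $key");
        }
    }
    return ['user' => $data['user'], 'pass' => $data['pass']];
}

// Constructed sample bodies so the parsing step runs offline. In production:
// $body = fetch_config_body('https://config.example.invalid/db.json', $token);
$samples = [
    'valid'    => '{"user":"joe","pass":"1234"}',
    'tampered' => '<?php echo "injected"; ?>',   // code instead of data
    'partial'  => '{"user":"joe"}',
];
foreach ($samples as $name => $body) {
    try {
        $cfg = parse_db_config($body);
        echo "$name: accepted, user={$cfg['user']}\n";
    } catch (JsonException | UnexpectedValueException $e) {
        echo "$name: rejected (" . get_class($e) . ")\n";
    }
}
```

Because the response is only ever parsed, a tampered body that contains PHP source is rejected as invalid JSON rather than executed on the local server.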
