RE: MySQL password protection?

The standard Apache install filters anything named .ht* on the web
tree.

-- Josh

-----Original Message-----
From: Peter Beckman [mailto:beckman@purplecow.com] 
Sent: Wednesday, November 06, 2002 6:44 PM
To: Steve Cayford
Cc: php-db@lists.php.net; William Trappeniers
Subject: Re:  MySQL password protection?

And make sure you make sure the webserver will not SERVE that file!!! You
see the source, see that you are fopening the file, I'll find it on your
system and get it from the web server and I have your password!

Make sure the file is NOT in the document root that the web server serves
from.  You could also just use the file ".htpasswd", usually by default web
servers will NOT serve any file named that.  However, much safer to put it
somewhere that the web server cannot see (but your PHP script can).

Also, this is just as insecure as the other way to any person with a login
on the box your PHP script is in.  Usually the script is owned by
nobody:nobody or read-write all, in which case all local users can get your
password.

The nobody method at least keeps no password.

Peter

On Wed, 6 Nov 2002, Steve Cayford wrote:

> You could put it anywhere. Stick it in a text file somewhere, fopen()
> and read the file for the password. Or keep it in a php script outside
> of the web root if that's the issue, then just include() it when you
> need to.
>
> Of course any file you put it in will have to be readable by whatever
> user the webserver is running as.
>
> -Steve
>
> On Wednesday, November 6, 2002, at 04:16  PM, 1LT John W. Holmes wrote:
>
> >> I was wondering if it is possible to protect my password to the
> >> MySQL-server from being in a PHP-script.  Now I can't do that, so
> >> everybody who gets to see my php-sourcecode also can see my (not
> >> protected/not encrypted) password.
> >> How can I change this?
> >
> > You can't, unless you want to put it in php.ini or a my.conf file...
> >
> > ---John Holmes...
> >
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>

---------------------------------------------------------------------------
Peter Beckman            Systems Engineer, Fairfax Cable Access Corporation
beckman@purplecow.com
http://www.purplecow.com/
---------------------------------------------------------------------------
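
The two conditions raised in this thread (credentials file outside the document root, and not readable by every local user) can be checked at the point where the password is loaded. The PHP below is an added example, not code from any poster in the thread; the function name `load_db_credentials`, the INI keys and the demo paths are assumptions, and it assumes a POSIX filesystem.

```php
<?php
// Added example (not from the thread). Paths, file names and the INI
// keys are constructed for the demo; assumes a POSIX filesystem.

function load_db_credentials(string $path, string $docRoot): array
{
    $real = realpath($path);          // resolves symlinks and ".." segments
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_file($real)) {
        throw new RuntimeException('credentials file or document root not found');
    }
    // Trailing separator so /var/www does not also match /var/www-private.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('file is inside the document root');
    }
    // "Other" read/write bits mean every local login can get the password.
    if ((fileperms($real) & 0006) !== 0) {
        throw new RuntimeException('file is readable or writable by all users');
    }
    // Raw mode keeps special characters in the password uninterpreted.
    $cfg = parse_ini_file($real, false, INI_SCANNER_RAW);
    if ($cfg === false || !isset($cfg['user'], $cfg['password'])) {
        throw new RuntimeException('missing user/password keys');
    }
    return $cfg;
}

// Demo on a throwaway directory tree (constructed sample data).
$base = sys_get_temp_dir() . '/credcheck_' . uniqid();
mkdir("$base/htdocs", 0755, true);
mkdir("$base/private", 0750, true);
$ini = "user = appuser\npassword = example-only\n";
file_put_contents("$base/private/db.ini", $ini);
file_put_contents("$base/htdocs/db.ini", $ini);

$cases = [
    'outside root, 0640' => ["$base/private/db.ini", 0640],
    'outside root, 0644' => ["$base/private/db.ini", 0644],
    'inside root, 0640'  => ["$base/htdocs/db.ini", 0640],
];
foreach ($cases as $label => [$file, $mode]) {
    chmod($file, $mode);
    clearstatcache();                 // fileperms() results are cached
    try {
        $cfg = load_db_credentials($file, "$base/htdocs");
        echo "$label: loaded credentials for {$cfg['user']}\n";
    } catch (RuntimeException $e) {
        echo "$label: refused ({$e->getMessage()})\n";
    }
}
```

Only the first case loads; the world-readable copy and the copy under the document root are both refused before the file is parsed.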
