Remember that PHP is a server-side scripting language, so all PHP code is parsed at the server side and you will never see the code but the results, second, the .php files should have permissions that do not allow direct acces to them, but thru the web browser!! So, basically there is no problem with those parameters used to connect to the DB Chicolinux -----Original Message----- From: Chuck Han [mailto:csh@xxxxxxxxxxxxxxxxxx] Sent: Miércoles, 27 de Julio de 2005 03:41 p.m. To: php-db@xxxxxxxxxxxxx Subject: mysql_connect($server,$user,$password); Much of the password discussion I've seen revolves around encrypting the user-supplied password, but what about the user/password used to make the initial connection? In other words, I'm assuming that the .php file has the initial user and password right in the text in order to make the connection. Is there a way around this, because it seems very insecure to me that these parameters would be in the .php source. Or is the .php source supposedly not readable? thanks, Chuck -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Este mensaje es exclusivamente para el uso de la persona o entidad a quien esta dirigido; contiene informacion estrictamente confidencial y legalmente protegida, cuya divulgacion es sancionada por la ley. Si el lector de este mensaje no es a quien esta dirigido, ni se trata del empleado o agente responsable de esta informacion, se le notifica por medio del presente, que su reproduccion y distribucion, esta estrictamente prohibida. Si Usted recibio este comunicado por error, favor de notificarlo inmediatamente al remitente y destruir el mensaje. Todas las opiniones contenidas en este mail son propias del autor del mensaje y no necesariamente coinciden con las de Radiomovil Dipsa, S.A. de C.V. o alguna de sus empresas controladas, controladoras, afiliadas y subsidiarias. Este mensaje intencionalmente no contiene acentos. This message is for the sole use of the person or entity to whom it is being sent. Therefore, it contains strictly confidential and legally protected material whose disclosure is subject to penalty by law. If the person reading this message is not the one to whom it is being sent and/or is not an employee or the responsible agent for this information, this person is herein notified that any unauthorized dissemination, distribution or copying of the materials included in this facsimile is strictly prohibited. If you received this document by mistake please notify immediately to the subscriber and destroy the message. Any opinions contained in this e-mail are those of the author of the message and do not necessarily coincide with those of Radiomovil Dipsa, S.A. de C.V. or any of its control, controlled, affiliates and subsidiaries companies. No part of this message or attachments may be used or reproduced in any manner whatsoever. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php