store your password/access credentials outside the web root and use php to
read the data in. Another alternative is to wrap those items in a function
and check the calling source to make sure its only your application
hth
Bastien
From: Roberto Mansfield <robertom@xxxxxxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
Subject: database password
Date: Tue, 03 Apr 2007 09:39:32 -0400
Howdy all,
Just wondering what -- if anything -- people are doing to protect
plaintext database passwords in their PHP scripts. Ultimately, PHP needs
a plaintext password to create the database connection, so it seems that
obfuscation is the best we can achieve on this front. While not really
secure by itself, obfuscation along with other measures (firewall,
privilege separation, file system privileges, etc) can help slow someone
down. So I've been looking into this approach at the moment. Any other
ideas out there?
Thanks,
Roberto
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_________________________________________________________________
http://local.live.com/?mkt=en-ca/?v=2&cid=A6D6BDB4586E357F!420
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
