Hello all:
I know there are a lot of PHP gurus on this list, so hopefully it's not too
off-topic.
I'm a newbie to PHP and I'm struggling with a login script for my
organization's website. I'm using an example script I got off the Web
somewhere. It uses MySQL through the "PEAR" database driver. Here's the
code snippet for the connection code in db_connect.php:
---------------------------
//require the PEAR::DB classes.
require_once 'DB.php';
$db_engine = 'mysql';
$db_user = 'XXXX';
$db_pass = 'YYYYYYYY';
$db_host = 'ieeepacn.com';
$db_name = 'ZZZZZZZ';
$datasource = $db_engine.'://'.
$db_user.':'.
$db_pass.'@'.
$db_host.'/'.
$db_name;
$db_object = DB::connect($datasource, TRUE);
------------------------
This works, but it occurs to me: how can this thing possibly be secure? The
password's there in clear text. A person would only need read access to get
it. And if the PHP file's not globally readable, the login fails. Is there
some factor here I'm missing such that it's more protected than I think? Or
is there a better way to approach this?
Thanks!
Vaughn
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)