Re: dumb PHP question

Author: Phil Mattison
Date:  
To: plug-discuss
Subject: Re: dumb PHP question
Another approach is to extract the sensitive portions of your code
and place them in an include file that resides outside your document
root path. i.e.

/home/httpd/php-inc/myincludes.php
/home/httpd/html/mysite/mypage.php

Where mypage.php has the statement require_once("myincludes.php");
You can add the include path via php.ini or a variety of other methods.
That way no browser can reach it.
--Phil M.

> From: Vaughn Treude <>
> Organization: Nakota Software, Inc.
> To: <>
> Subject: dumb PHP question
> Date: Mon, 8 Nov 2004 07:20:37 -0700
> Reply-To:
>
> Hello all:
> I know there are a lot of PHP gurus on this list, so hopefully it's not too
> off-topic.
> I'm a newbie to PHP and I'm struggling with a login script for my
> organization's website. I'm using an example script I got off the Web
> somewhere. It uses MySQL through the "PEAR" database driver. Here's the
> code snippet for the connection code in db_connect.php:
>
> ---------------------------
>
> // require the PEAR::DB classes.
>
> require_once 'DB.php';
>
>
> $db_engine = 'mysql';
> $db_user = 'XXXX';
> $db_pass = 'YYYYYYYY';
> $db_host = 'ieeepacn.com';
> $db_name = 'ZZZZZZZ';
>
> $datasource = $db_engine.'://'.
>   $db_user.':'.
>   $db_pass.'@'.
>   $db_host.'/'.
>   $db_name;
>
>
> $db_object = DB::connect($datasource, TRUE);
>
> ------------------------
>
> This works, but it occurs to me: how can this thing possibly be secure? The
> password's there in clear text. A person would only need read access to get
> it. And if the PHP file's not globally readable, the login fails. Is there
> some factor here I'm missing such that it's more protected than I think? Or
> is there a better way to approach this?
>
> Thanks!
> Vaughn



---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
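
The layout from Phil's reply, as an added example that is not code from the thread: mypage.php extends include_path at run time and refuses to load the credentials file if it resolves inside the document root or is world-readable. It assumes PHP 7 or later and a document root of /home/httpd/html; the helper name resolve_private_include and the permission policy are hypothetical choices made for illustration.

```php
<?php
// Added example, not from the thread. Paths follow the layout in the reply;
// the helper name and the permission policy are assumptions.

const INC_DIR  = '/home/httpd/php-inc';   // outside the document root
const DOC_ROOT = '/home/httpd/html';      // assumed document root

/**
 * Resolve $name through include_path and return its real path, refusing
 * a file that a browser could request or that any local user can read.
 */
function resolve_private_include(string $name, string $docRoot): string
{
    $path = stream_resolve_include_path($name);
    if ($path === false) {
        throw new RuntimeException("$name not found on include_path");
    }
    $real = realpath($path);      // collapses symlinks and ".." segments
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException("cannot resolve $name or document root");
    }
    // Compare against "root/" so /home/httpd/html-old is not a false match.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $root, strlen($root)) === 0) {
        throw new RuntimeException("$real is inside the document root");
    }
    // Assumed policy: owner and group only (for instance chgrp to the web
    // server's group and chmod 640), so the "other" read bit stays clear.
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException("$real is world-readable");
    }
    return $real;
}

// In mypage.php: add the private directory to include_path at run time
// (the include_path directive in php.ini is the other option), then load
// the file that holds $db_user, $db_pass and the rest of the settings.
set_include_path(INC_DIR . PATH_SEPARATOR . get_include_path());
require_once resolve_private_include('myincludes.php', DOC_ROOT);
```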