Re: Best practice regarding MySQL username/pw in script file??

I agree with the suggestion to keep username/password files outside the
web root. If you cannot do this (such as scripts like PHPBB and
Coppermine) place the username/passwords inside a PHP file as varibles
which can be included in any needed scripts, this way, if someone knows
the name of the password file, and tries to view it, all they will see
is a blank screen, as the PHP was parsed and dealt with before being
sent out.

.

Relevant Pages

  • Re: Best practice regarding MySQL username/pw in script file??
    ... Coppermine) place the username/passwords inside a PHP file as varibles ... which can be included in any needed scripts, this way, if someone knows ... just add the include_once/include line to include the original configuration ... path to the included files instead of relative paths. ...
    (alt.php)
  • Re: Best practice regarding MySQL username/pw in script file??
    ... Coppermine) place the username/passwords inside a PHP file as varibles ... which can be included in any needed scripts, this way, if someone knows ... location, create a new file with the same name in the same location and you just add the include_once/include line to include the original configuration file, this works fine as long as there aren't any include lines in the original file, if there are, you need to change those to include an absolute path to the included files instead of relative paths. ...
    (alt.php)
  • Re: Database password security
    ... No one is able to call scripts out of context, ... strange results and error messages. ... >because apache will parse the php file before it is sent. ... "forgets" to parse a file. ...
    (comp.lang.php)
  • Re: variables and sensitive info
    ... > this in any other php file on the site, ... $mysite = New Website; ... > the different scripts in this method? ...
    (alt.php)