Re: Best practice regarding MySQL username/pw in script file??
- From: "J.O. Aho" <user@xxxxxxxxxxx>
- Date: Sun, 16 Jul 2006 14:21:46 +0200
dimo414 wrote:
I agree with the suggestion to keep username/password files outside the
web root. If you cannot do this (such as scripts like PHPBB and
Coppermine) place the username/passwords inside a PHP file as varibles
which can be included in any needed scripts, this way, if someone knows
the name of the password file, and tries to view it, all they will see
is a blank screen, as the PHP was parsed and dealt with before being
sent out.
You can move the file outside the web-root too, move the file to a secure location, create a new file with the same name in the same location and you just add the include_once/include line to include the original configuration file, this works fine as long as there aren't any include lines in the original file, if there are, you need to change those to include an absolute path to the included files instead of relative paths.
//Aho
.
- Follow-Ups:
- Re: Best practice regarding MySQL username/pw in script file??
- From: cewyattjr
- Re: Best practice regarding MySQL username/pw in script file??
- References:
- Best practice regarding MySQL username/pw in script file??
- From: cewyattjr
- Re: Best practice regarding MySQL username/pw in script file??
- From: dimo414
- Best practice regarding MySQL username/pw in script file??
- Prev by Date: SORRY, did not mean to crosspost.
- Next by Date: Re: database injection
- Previous by thread: Re: Best practice regarding MySQL username/pw in script file??
- Next by thread: Re: Best practice regarding MySQL username/pw in script file??
- Index(es):
Relevant Pages
|
