Welcome to WebmasterWorld Guest from 54.226.113.250

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

php connection to mysql file unable to hide

     
3:59 am on Nov 15, 2004 (gmt 0)

New User

10+ Year Member

joined:Nov 15, 2004
posts:5
votes: 0


I need to connect to my mysql database via php with a php file including my password and username and database and all that.

However, the php on the server seems to not include the root and I do not know where to put it or how to hide it in order to use it but have it secure.

Someone suggeste .htaccess but I do not know how to use that to do what I am trying to do.

Please Help
Thank you

4:20 am on Nov 15, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Apr 27, 2003
posts:243
votes: 0


Storing it in a file in public_html shouldn't cause that much of a security risk not should it?
6:06 am on Nov 15, 2004 (gmt 0)

New User

10+ Year Member

joined:Nov 10, 2004
posts:30
votes: 0


You would want to hide the password from your web users. When you put it into a php file, it's not visible for the users, because php is server parsed. If the password is your "master password" you're using for important other things as well, change it.

Regards
Markus

8:32 pm on Nov 15, 2004 (gmt 0)

New User

10+ Year Member

joined:Nov 15, 2004
posts:5
votes: 0


You would want to hide the password from your web users. When you put it into a php file, it's not visible for the users, because php is server parsed. If the password is your "master password" you're using for important other things as well, change it.

Regards
Markus

The php file is visible. They could access it if they wanted it. I want to be totally secure and my root cannot hold it. COuld anyone explain how to use .htaccess file for this?

10:27 pm on Nov 15, 2004 (gmt 0)

New User

10+ Year Member

joined:Nov 10, 2004
posts:30
votes: 0


Who is "they"?

[edited by: coopster at 12:14 am (utc) on Nov. 16, 2004]
[edit reason] language [/edit]

3:55 am on Nov 24, 2004 (gmt 0)

New User

10+ Year Member

joined:Nov 15, 2004
posts:5
votes: 0


they is the users who have a telnet and can copy the files of my website....like a password file
9:58 am on Nov 24, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 19, 2004
posts:88
votes: 0


>> When you put it into a php file, it's not visible for the users, because php is server parsed.

If I remember correctly, and assuming this hasnít been fixed in the last year or so, if the PHP parser ever fails then any requested PHP files will be served to the browser as type html. I.e. the PHP source code itself will be shown in the browser, not the result of the PHP code. So anything in the PHP file will be viewable to anyone.

Am I right, and if so is there a way around this?

10:41 am on Nov 24, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 6, 2001
posts:2213
votes: 0


create a username and password that only have the privilegedes that are needed. So if you only need to run SELECT statement IF they ever get the UN/pw they wont be able to run updates, deletes, drop etc
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members