Storing it in a file in public_html shouldn't cause that much of a security risk not should it?

You would want to hide the password from your web users. When you put it into a php file, it's not visible for the users, because php is server parsed. If the password is your "master password" you're using for important other things as well, change it.

Regards
Markus

You would want to hide the password from your web users. When you put it into a php file, it's not visible for the users, because php is server parsed. If the password is your "master password" you're using for important other things as well, change it.

Regards
Markus

The php file is visible. They could access it if they wanted it. I want to be totally secure and my root cannot hold it. COuld anyone explain how to use .htaccess file for this?

Who is "they"?

[edited by: coopster at 12:14 am (utc) on Nov. 16, 2004]
[edit reason] language [/edit]

they is the users who have a telnet and can copy the files of my website....like a password file

>> When you put it into a php file, it's not visible for the users, because php is server parsed.

If I remember correctly, and assuming this hasn’t been fixed in the last year or so, if the PHP parser ever fails then any requested PHP files will be served to the browser as type html. I.e. the PHP source code itself will be shown in the browser, not the result of the PHP code. So anything in the PHP file will be viewable to anyone.

Am I right, and if so is there a way around this?

create a username and password that only have the privilegedes that are needed. So if you only need to run SELECT statement IF they ever get the UN/pw they wont be able to run updates, deletes, drop etc