PHWinfo - Afficher un message - Re: how to not write password in code for using to mysql?

04/06/2007, 07h46

> What is this groups overall view on setting up .htaccess with
> something like:
> php_value auto_prepend_file /path/to/password/file.php
>
> Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it
> yet, though if it never "screws up" I'm inclined to think it is more
> secure since the path is hidden even when they can see your scripts.

Why do so in an .htaccess file? Do so in the main apache config.
Besides, I do not think there is much security left if people can see
the source code.
The best way to "protect" the passwords is to make them useless: block
any access from non-known machines (by IP address, for instance).

Best regards,
--
Willem Bogaerts

Application smith
Kratz B.V.
http://www.kratz.nl/

04/06/2007, 07h46	#3
Willem Bogaerts Messages: n/a Hébergeur:	Re: how to not write password in code for using to mysql? > What is this groups overall view on setting up .htaccess with > something like: > php_value auto_prepend_file /path/to/password/file.php > > Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it > yet, though if it never "screws up" I'm inclined to think it is more > secure since the path is hidden even when they can see your scripts. Why do so in an .htaccess file? Do so in the main apache config. Besides, I do not think there is much security left if people can see the source code. The best way to "protect" the passwords is to make them useless: block any access from non-known machines (by IP address, for instance). Best regards, -- Willem Bogaerts Application smith Kratz B.V. http://www.kratz.nl/