Re: how to not write password in code for using to mysql?

03/06/2007, 17h33

On May 27, 11:15 am, "_mario.lat" <n...@libero.it> wrote:
> hallo,
> I use PHP and I'd like to not write in hardcoded way password
> and login to access to mysql.
> how to not write password in code for access to mysql?
> How can I do?
> I'd like that who see my code don't see my paswords.
> there is a solution?
> Thank you in advance.
> Mario.

What is this groups overall view on setting up .htaccess with
something like:
php_value auto_prepend_file /path/to/password/file.php

Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it
yet, though if it never "screws up" I'm inclined to think it is more
secure since the path is hidden even when they can see your scripts.

03/06/2007, 22h03

sundby wrote:
> On May 27, 11:15 am, "_mario.lat" <n...@libero.it> wrote:
>> hallo,
>> I use PHP and I'd like to not write in hardcoded way password
>> and login to access to mysql.
>> how to not write password in code for access to mysql?
>> How can I do?
>> I'd like that who see my code don't see my paswords.
>> there is a solution?
>> Thank you in advance.
>> Mario.
>
>
> What is this groups overall view on setting up .htaccess with
> something like:
> php_value auto_prepend_file /path/to/password/file.php
>
> Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it
> yet, though if it never "screws up" I'm inclined to think it is more
> secure since the path is hidden even when they can see your scripts.
>

First of all, what good is it going to do you you? If someone can see
your source code, they can see your .htaccess.

Second, why auto-include the file where it's not needed (i.e. pages
where you don't require database access)?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

04/06/2007, 07h46

> What is this groups overall view on setting up .htaccess with
> something like:
> php_value auto_prepend_file /path/to/password/file.php
>
> Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it
> yet, though if it never "screws up" I'm inclined to think it is more
> secure since the path is hidden even when they can see your scripts.

Why do so in an .htaccess file? Do so in the main apache config.
Besides, I do not think there is much security left if people can see
the source code.
The best way to "protect" the passwords is to make them useless: block
any access from non-known machines (by IP address, for instance).

Best regards,
--
Willem Bogaerts

Application smith
Kratz B.V.
http://www.kratz.nl/

03/06/2007, 17h33	#1
sundby Messages: n/a Hébergeur:	Re: how to not write password in code for using to mysql? On May 27, 11:15 am, "_mario.lat" <n...@libero.it> wrote: > hallo, > I use PHP and I'd like to not write in hardcoded way password > and login to access to mysql. > how to not write password in code for access to mysql? > How can I do? > I'd like that who see my code don't see my paswords. > there is a solution? > Thank you in advance. > Mario. What is this groups overall view on setting up .htaccess with something like: php_value auto_prepend_file /path/to/password/file.php Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it yet, though if it never "screws up" I'm inclined to think it is more secure since the path is hidden even when they can see your scripts.

03/06/2007, 22h03	#2
Jerry Stuckle Messages: n/a Hébergeur:	Re: how to not write password in code for using to mysql? sundby wrote: > On May 27, 11:15 am, "_mario.lat" <n...@libero.it> wrote: >> hallo, >> I use PHP and I'd like to not write in hardcoded way password >> and login to access to mysql. >> how to not write password in code for access to mysql? >> How can I do? >> I'd like that who see my code don't see my paswords. >> there is a solution? >> Thank you in advance. >> Mario. > > > What is this groups overall view on setting up .htaccess with > something like: > php_value auto_prepend_file /path/to/password/file.php > > Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it > yet, though if it never "screws up" I'm inclined to think it is more > secure since the path is hidden even when they can see your scripts. > First of all, what good is it going to do you you? If someone can see your source code, they can see your .htaccess. Second, why auto-include the file where it's not needed (i.e. pages where you don't require database access)? -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================

04/06/2007, 07h46	#3
Willem Bogaerts Messages: n/a Hébergeur:	Re: how to not write password in code for using to mysql? > What is this groups overall view on setting up .htaccess with > something like: > php_value auto_prepend_file /path/to/password/file.php > > Is this a "Good Thing" or a "Bad Thing"? I have not deared to use it > yet, though if it never "screws up" I'm inclined to think it is more > secure since the path is hidden even when they can see your scripts. Why do so in an .htaccess file? Do so in the main apache config. Besides, I do not think there is much security left if people can see the source code. The best way to "protect" the passwords is to make them useless: block any access from non-known machines (by IP address, for instance). Best regards, -- Willem Bogaerts Application smith Kratz B.V. http://www.kratz.nl/

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email