|
|
Posted by K Brown on 08/18/06 17:43
As long as you have the permission set properly you should not have a
problem. And you really don't have a choice, the password has to be stored
some where. So the bottom line is if you don't know how to set permssions on
a server you should not be putting up a website that you hope is secure.
Learn how to set the permissions properly.
Here are some basic rules of thumb:
All php source files should only be writeable by the user that is doing the
editing of the php source files.
The user doing the editing should not be in the same group as the apache
user. The apache user should be a nonpriviledged user account, NOT ROOT!!!
AND NOT THE OWNER OF THE PHP FILES!!!!
If you follow the rules of thumb then chmod 664 or 644 should be sufficient.
test your permission by typing the url to your php files in a browser, if
you see source code you have a serious security problem. If you can see it
in a browser so can anyone else, or a webspider..... not good.
Also never use Javascript for security all anyone has to do is disable
javascript in their browser and they are right in.
KBrown
www.gpmicro.com
the Freshest, Hottest, Securest online backup on the planet.
<nobody@thisaddress.net> wrote in message news:DSbFg.74223$MW.54@trnddc04...
> Hello,
>
> Im new to PHP and MySQL and decided to write my first PHP script that will
> take an email address from a form (newsletter sign up) and store it in a
> MySQL database.
>
> From my initial learnings on PHP, I must first connect to the database:
>
> $connect = mysql_connect("localhost","username","password");
>
> Is the above line of code a security risk to hackers and spammers? I know
> PHP is executed on the server side, but I feel having a file sitting on
> the server(http) with this sensitive info is vulnerable.
>
> Is there nothing to worry about or should I be aware of additional
> security measures? Thank you in advance for your time and words.
>
> George
> http://gpalzproductions.com
Navigation:
[Reply to this message]
|