|
|
Posted by Tom on 06/26/07 17:45
On Tue, 26 Jun 2007 17:03:24 -0000, cbmeeks wrote...
>
>I don't know if this has been mentioned, but one way you can do it is
>to store the passwords in some weird place (outside htdocs/www) and
>simply mangle the password.
>
>For example, in some of my python scripts, I load a config file that
>contains password for db.
>
>The password might be: red*igloo
>
>But in the config file, it's: 0r05ed**0igloo55
>
>Then, in python: pass =
>pass.replace("0","").replace("5","").replace("**","*")
>
>That's a crude example but you get the idea. Of course, this is NOT
>bullet proof if the user can browse your source code and they can
>probably figure it out but even if it stops 50% of potential thieves,
>it is worth it because it is so easy to do.
>
>Of course, you should make sure you are using a reliable host from a
>good company.
>http://eblarg.com
>
>
>On May 27, 5:15 am, "_mario.lat" <n...@libero.it> wrote:
>> hallo,
>> I use PHP and I'd like to not write in hardcoded way password
>> and login to access to mysql.
>> how to not write password in code for access to mysql?
>> How can I do?
>> I'd like that who see my code don't see my paswords.
>> there is a solution?
>> Thank you in advance.
>> Mario.
>
>
Besides moving the inc file that stores the password outside of your web
directory, I'd also use the MySQL permissions. You can create a user with
limited command options (e.g. exclude delete, etc.) and can also limit the user
to access from the localhost.
Tom
--
Basic Accounts $5.95 / month or $39.95 / 12 months
http://newsguy.com/overview.htm
Navigation:
[Reply to this message]
|