Posted by Phil Coen on 07/13/05 02:43

I have been learning PHP on my own time and have an Apache server on my
network at home. Obviously security is not a problem on this setup.

But as I begin to think about actually using code on a publicly addressably
server someday, the examples in my books seem to be wide open to the world.

Most use an HTML form that calls a separate php program. Most of the
passwords are either hard coded in that php module or are in a file
accessable by that module.

Heck, anybody can download the php script and look at the passwords. Or,
use it to see what file it is pointing to.

Am I missing something here?

Where should the logon security for the web site actually be?

Thanks anybody
Phil

• Next in forum: Re: mysql_result(): supplied argument is not a valid.....
• Prev in forum: php my admin - reinventing the wheel - mysql front-end
• Thread view: Question on password visibilty?

[Reply to this message]