Posted by Justin Koivisto on 03/08/06 18:37

Mark@home wrote:
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....showing
> the html/php code.

What?! If you are using the browser's view source command to see the PHP
code, then your web server is not set up properly. PHP code should be
interpreted on the server side, and hidden from the client at all times.

> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??

Be sure that you are storing that file outside your document root for
the site. If you can't do that, then be sure that you have the file
named in a way where the web server will parse it as a PHP type (ie.
db-details.php)

There are many options, these are just the easiest ones.

• Next in forum: Re: HOw to prevent simple View source to retrieve password
• Prev in forum: Re: HOw to prevent simple View source to retrieve password
• Thread view: Re: HOw to prevent simple View source to retrieve password

[Reply to this message]