Posted by Steve Chapel on 03/08/06 18:36

Mark@home wrote:
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....showing
> the html/php code.
>
> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??
>
> Please help.
> Mark
>
>

If view source shows any PHP code, then there's a configuration problem
with your server. When a user visits one of your PHP pages, the server
should execute the PHP and send the generated HTML to the client, so the
client can never see the PHP code at all.

Are you storing the password in a PHP file with an .inc extension? If
so, simply rename your .inc files to .php so the client can never see
your PHP code.

• Next in forum: Re: HOw to prevent simple View source to retrieve password
• Prev in forum: Re: UTF-8 and question marks
• Thread view: Re: HOw to prevent simple View source to retrieve password

[Reply to this message]