Posted by Phil Coen on 07/13/05 02:43
I have been learning PHP on my own time and have an Apache server on my
network at home. Obviously security is not a problem on this setup.
But as I begin to think about actually using code on a publicly addressably
server someday, the examples in my books seem to be wide open to the world.
Most use an HTML form that calls a separate php program. Most of the
passwords are either hard coded in that php module or are in a file
accessable by that module.
Heck, anybody can download the php script and look at the passwords. Or,
use it to see what file it is pointing to.
Am I missing something here?
Where should the logon security for the web site actually be?
Thanks anybody
Phil
[Back to original message]
|