Posted by Jerry Stuckle on 10/21/07 02:05
Tim Roberts wrote:
> Puckdropper <puckdropper@yahoo.com> wrote:
>> My theory is program on the web like they can see your source code. The
>> only issue I haven't solved is that of DB password in scripts.
>
> That's a very good point. I'd be curious to know what others have done
> about that.
>
> I've considered setting my database so that the user "apache" has no
> password; I'm not sure that's any better or worse than putting the password
> in a .php source file.

Worse. That way anyone who uploads a script can access your database.
With a userid/password, they have to download it first.

If you want perfect security, take your machine, disconnect it from any
communications links, stick it in an RF-shielded room running on
batteries and close and weld the door shut. No one should be able to
access your private data that way.

Short of that, there is no way. And if you're using shared hosting,
every admin on your hosting service has access to everything on your site.

Security is not about prevention, just like there is no way to prevent
someone from breaking into your home. There is no such thing. What it
is about is identifying undesired ways of accessing your files and
limiting the effect of exposure. It's just like locking your valuables
in a bank vault to limit your exposure if someone breaks into your house.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================