Posted by .....hG on 02/18/05 18:00

Thanks everyone for your input. I was just curios since everyone is so
concern about security, yet some messageboards/CMS use passwords for their
databases on the index page or an include.

--
....hG

http://www.helmutgranda.com


"Robby Russell" <robby@planetargon.com> wrote in message
news:1108699420.5381.7.camel@linus...
: On Thu, 2005-02-17 at 20:47 -0600, .....hG wrote:
: > While back I read in an article that placing UN and PASSwords in a PHP
was
: > not secure. couple of open source programs that I have seen they have
for
: > example
: >
: > $database = ####;
: > $username = $$$$;
: > $password = ####;
: >
: > It makes me wonder how secure in reallity it is to place your UN and
: > Passwords on a PHP file.
: >
: > Thanks for your input
: >
:
: Well, what do you suggest we do? We could ask the code you write to
: guess the username and password?
:
: >From the web, if you do it right, there is no way to really find out
: what the user/pass is. Don't keep it in your webroot if you can help it
: is a good way to avoid any issues. The only people who should have
: access to the file are you and your webserver process.
:
: if you put a file in your directory called, db.inc.php and it looks like
: so:
:
: <?php
:
: // robbys secret password
: $super_secret_password = "noonewillguessthisone";
:
: ?>
:
: .. if php is properly configured, this will never be displayed
: at /db.inc.php ... will just show a blank page
:
:
: --
: /***************************************
: * Robby Russell | Owner.Developer.Geek
: * PLANET ARGON | www.planetargon.com
: * Portland, OR | robby@planetargon.com
: * 503.351.4730 | blog.planetargon.com
: * PHP/PostgreSQL Hosting & Development
: * --- Now hosting Ruby on Rails Apps ---
: ****************************************/

[Back to original message]