php & mysql password dilemma

Re: php & mysql password dilemma

ree wrote:
[color=blue]
> Whats the best way to store passwords for MySQL databases on a webserver?
>
> Should you store it in the php file ? or another text file ?
>
> should you search for the value in the file or just include it ?[/color]

I think You should store it in the php file, then just include it.

maciek

Re: php & mysql password dilemma

Regarding this well-known quote, often attributed to Maciej Milczarek's
famous "Thu, 18 Dec 2003 01:15:12 +0100" speech:
[color=blue]
> ree wrote:
>[color=green]
>> Whats the best way to store passwords for MySQL databases on a webserver?
>>
>> Should you store it in the php file ? or another text file ?
>>
>> should you search for the value in the file or just include it ?[/color]
>
> I think You should store it in the php file, then just include it.
>
> maciek[/color]

Just make sure it's in a file that's absoutely, positively going to get
parsed by PHP (and not output as text or HTML). Use "filename.inc.p hp", or
better yet, just "filename.p hp", *not* "filename.i nc" for the include file.

--
-- Rudy Fleminger
-- sp@mmers.and.ev il.ones.will.bo w-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com

Re: php & mysql password dilemma

On 2003-12-17, ree <ree@hotmail.co om> wrote:[color=blue]
> Whats the best way to store passwords for MySQL databases on a webserver?
>
> Should you store it in the php file ? or another text file ?
>
> should you search for the value in the file or just include it ?[/color]

Put the data in, let's say: config.inc.php

Make sure to put it outside your "public_htm l" directory.
This way, if apache or php breaks, they still can't browse to the file.

--
verum ipsum factum