HOw to prevent simple View source to retrieve password

Re: HOw to prevent simple View source to retrieve password

Mark@home wrote:[color=blue]
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....show ing
> the html/php code.[/color]

What?! If you are using the browser's view source command to see the PHP
code, then your web server is not set up properly. PHP code should be
interpreted on the server side, and hidden from the client at all times.
[color=blue]
> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??[/color]

Be sure that you are storing that file outside your document root for
the site. If you can't do that, then be sure that you have the file
named in a way where the web server will parse it as a PHP type (ie.
db-details.php)

There are many options, these are just the easiest ones.

Re: HOw to prevent simple View source to retrieve password

Mark@home wrote:[color=blue]
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....show ing
> the html/php code.
>
> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??
>
> Please help.
> Mark
>
>[/color]

If view source shows any PHP code, then there's a configuration problem
with your server. When a user visits one of your PHP pages, the server
should execute the PHP and send the generated HTML to the client, so the
client can never see the PHP code at all.

Are you storing the password in a PHP file with an .inc extension? If
so, simply rename your .inc files to .php so the client can never see
your PHP code.

Re: HOw to prevent simple View source to retrieve password

Your php code isn't visible to the html end user. If it is, the code isn't
inside php tags

"Mark@home" <donnersm@home. nl> a écrit dans le message de news:
61a0f$440f0265$ 89781b7f$13050@ news1.tudelft.n l...[color=blue]
> Can anyone tell me how i can prevent that users can see my connection
> string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....show ing
> the html/php code.
>
> IF the file includes the connection string than anyone could see my
> database
> name and password.....
>
> How can i prevent this??
>
> Please help.
> Mark
>
>
>[/color]

Re: HOw to prevent simple View source to retrieve password

On Wed, 08 Mar 2006 17:37:41 +0100, Bob Bedford wrote:
[color=blue]
> "Mark@home" <donnersm@home. nl> a écrit dans le message de news:
> 61a0f$440f0265$ 89781b7f$13050@ news1.tudelft.n l...[color=green]
>> Can anyone tell me how i can prevent that users can see my connection
>> string
>> to mysql database?
>>
>> Using my browser i could easely use the function: view
>> source.....show ing the html/php code.[/color][/color]
[color=blue]
> Your php code isn't visible to the html end user. If it is, the code
> isn't inside php tags[/color]

[top posting fixed]

It is not the <?php...?> marks that do it. Most web servers decide (a)
what type of data is in a file, and (b) what to do with it (PHP processing
in only one option here) based on the file's name. This can include the
directory part, the file extension or whatever.

For example, my local server treats everything in /cgi-bin or anything
ending .cgi as a program to execute and everything ending .php as
requiring PHP processing. The rules are usually set by the system
administrator and *may* be alterable by users on a per-directory basis.

--
Ben.