I played around with this, but couldn't get this to work in my httpd.conf:
php_value disable_functions phpinfo

Not sure why.

I did discover, however, that the username and password will not show up in
phpinfo UNLESS phpinfo() is called from within the directory, in our example
that would be /var/www/html/mydatabase.

That would mean that in order for someone to get the user/pass, they would
have to write a php script into my directory.

Any more thoughts?  This seems very appealing to me.

Thanks,

Peter Janett

New Media One Web Services, LLC
http://www.newmediaone.net
[EMAIL PROTECTED]
(303)828-9882



-----Original Message-----
From: Derick Rethans [mailto:[EMAIL PROTECTED]
Sent: Monday, June 30, 2003 2:59 PM
To: Wendell Brown
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [PHP] web site security: how to hide login info for
mysql-connection


On Mon, 30 Jun 2003, Wendell Brown wrote:

> On Mon, 30 Jun 2003 13:50:21 -0600, Peter Janett wrote:
>
> ><Directory /var/www/html/mydatabase>
> >   php_value mysql.default_user fred
> >   php_value mysql.default_password secret
> >   php_value mysql.default_host server.example.com
> ></Directory>
>
> Hmmmm.... what about phpinfo()?  It shows those settings in the clear.

php_value disable_functions phpinfo

Derick

--
"Interpreting what the GPL actually means is a job best left to those
                    that read the future by examining animal entrails."
-------------------------------------------------------------------------
 Derick Rethans                                 http://derickrethans.nl/
 International PHP Magazine                          http://php-mag.net/
-------------------------------------------------------------------------


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
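
Added example, not part of the thread: a small Python check over an Apache config that flags the two things discussed above, PHP settings that carry a password inside a config section, and `php_value disable_functions`, which has no effect in httpd.conf because the PHP manual documents `disable_functions` as a php.ini-only directive. The sample config is constructed from the thread's `<Directory>` block; the function name and finding labels are hypothetical.

```python
import re

# Constructed sample: the thread's <Directory> block plus the suggested directive.
SAMPLE_CONF = """\
<Directory /var/www/html/mydatabase>
   php_value mysql.default_user fred
   php_value mysql.default_password secret
   php_value mysql.default_host server.example.com
   php_value disable_functions phpinfo
</Directory>
"""

# Directives the PHP manual says must be set in php.ini, not httpd.conf.
PHP_INI_ONLY = {"disable_functions", "disable_classes"}
SECRET_HINT = re.compile(r"pass(word|wd)?|secret", re.I)
DIRECTIVE = re.compile(r"^\s*(php_(?:admin_)?(?:value|flag))\s+(\S+)\s+(.*\S)\s*$", re.I)
SECTION_OPEN = re.compile(r"^\s*<(Directory|Location|VirtualHost|Files)\w*\s+([^>]+)>", re.I)
SECTION_CLOSE = re.compile(r"^\s*</(Directory|Location|VirtualHost|Files)\w*>", re.I)

def audit(conf_text):
    """Return (line_no, scope, kind, setting) findings; values are never echoed."""
    findings, scope = [], []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip Apache comments
        m = SECTION_OPEN.match(line)
        if m:
            scope.append(m.group(2).strip().strip('"'))
            continue
        if SECTION_CLOSE.match(line):
            if scope:
                scope.pop()
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name = m.group(2).lower()
        where = scope[-1] if scope else "(server)"
        if name in PHP_INI_ONLY:
            findings.append((no, where, "ineffective", name))  # ignored outside php.ini
        elif SECRET_HINT.search(name):
            findings.append((no, where, "credential", name))   # secret held in web server config
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
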
