On Monday, November 24, 2003, at 01:54 AM, anders thoresson wrote:

> Is it safe to load these two into session variables when a user logs in to my application? Or is it better to access the ini-file each time a mysql-connection is needed?

I include the file with unames and passwords as needed. I believe session information should be used for storing user-specific data. If you have 100 sessions open on the server, that's 100 copies of your MySQL username and password being stored as session data -- it just doesn't make sense.


> What I don't understand, and hence the questions, is whether session variables are accessible by my website's visitors, or just to the php-scripts on the server.

Session variables are stored on the server, and are only made visible to the user if you choose to do so. In theory, this should alleviate your concerns, but the catch is how well you build your scripts... for example, you might have put a print_r($_SESSION) somewhere in your script for debugging purposes, which would spew the entire contents of their session onto the screen -- this is obviously bad.



So, IMHO, that's two reasons why your MySQL u/p details shouldn't be in the session :)



Justin French


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
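
The approach described in the reply, as an added example that is not part of the original post: credentials are read from an ini file on each request and never copied into the session, and a debug helper masks session values instead of calling print_r($_SESSION). The ini keys, helper names, temp-file path and the use of PDO are assumptions made for illustration.

```php
<?php
// Added example; ini keys, helper names and paths are assumptions.

// Read credentials on demand from an ini file kept outside the web root.
function load_db_config(string $path): array
{
    // RAW mode: values such as passwords are not interpreted by the parser.
    $cfg = parse_ini_file($path, false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('cannot read DB config');
    }
    foreach (['host', 'dbname', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("missing ini key: $key");
        }
    }
    return $cfg;
}

// Open a connection per request; credentials live only in local variables.
function db_connect(string $path): PDO
{
    $c = load_db_config($path);
    $dsn = "mysql:host={$c['host']};dbname={$c['dbname']};charset=utf8mb4";
    $opts = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];
    return new PDO($dsn, $c['user'], $c['pass'], $opts);
}

// Debug helper: list session keys and types, never the values themselves.
function debug_session(array $session): string
{
    $out = [];
    foreach ($session as $k => $v) {
        $out[] = $k . ' => (' . gettype($v) . ', hidden)';
    }
    return implode("\n", $out);
}

// Constructed demo: a temp file stands in for the real ini file.
$ini = tempnam(sys_get_temp_dir(), 'dbini');
file_put_contents($ini, "host = localhost\ndbname = app\nuser = app_rw\npass = constructed-secret\n");
chmod($ini, 0600);

$session = ['user_id' => 42, 'display_name' => 'anders']; // user-specific data only
$cfg = load_db_config($ini);
echo debug_session($session), "\n";
echo in_array($cfg['pass'], $session, true) ? "LEAK\n" : "session holds no DB credentials\n";
unlink($ini);
```

db_connect() is defined but not called in the demo, so the script runs without a MySQL server.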


