I think he is talking about the password that is written inside the script
in the mysql_connect statement. I think he is worried that someone could
access its code and find out the DB password.

One solution is to make the database only accessible from localhost (you
could create a new user/pass for outside localhost). That way nobody has any
use for that password.
Furthermore, I believe it's impossible to access the PHP code since Apache
always runs it through PHP, but I'm not an expert on that.


"- Edwin -" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> On Wednesday 30 June 2004 09:58, Bob Hockney wrote:
> > Hi there,
> >
> > I wrote a php script that accesses a database, and I am
> > wondering about securing the password to the database.  I
> > could prompt the user for the password every session, but
> > I don't necessarily want the user to have the password.
>
> You mean the password for the database? Why would the user
> need that? If the users need a password to access the site,
> then create one for the *site*. Only you and your scripts
> need to know what the password for the database is...
>
> > Unless I'm missing something, any on-disk place I store
> > the password needs to be readable by PHP, and therefore
> > isn't very secure.  I have restricted the rights of the
> > database user, but I'm wondering how others have dealt
> > with this, or maybe I'm completely missing the point.
>
> Or, am I missing the point? :)
>
> - E -

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
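
One way to act on the two concerns in this thread (an on-disk password that PHP must be able to read, and a database account limited to localhost), as an added example that is not code from any poster. It assumes PHP 7 or later on a POSIX host, uses mysqli in place of the `mysql_connect` call mentioned above, and every path, account and database name in it is hypothetical.

```php
<?php
// Added example. The path, account name and database name are hypothetical.
// The MySQL account is assumed to have been created for local use only, e.g.:
//   CREATE USER 'app_user'@'localhost' IDENTIFIED BY '<password>';
//   GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'app_user'@'localhost';
// Constructed sample of /etc/myapp/db.ini (kept outside the web root):
//   host = localhost
//   user = app_user
//   pass = constructed-placeholder
//   name = appdb

function load_db_config(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException("credentials file not found: $path");
    }
    // A file under the document root could be served as plain text
    // if PHP handling is ever misconfigured, so refuse it.
    $root = $docRoot !== '' ? realpath($docRoot) : false;
    if ($root !== false && strpos($real, rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('credentials file is inside the document root');
    }
    // Refuse group-writable or world-accessible files (0640 or stricter).
    $mode = fileperms($real) & 0777;
    if (($mode & 0027) !== 0) {
        throw new RuntimeException(sprintf('credentials file mode %04o is too open', $mode));
    }
    $cfg = parse_ini_file($real, false, INI_SCANNER_RAW);
    if ($cfg === false) {
        throw new RuntimeException('credentials file could not be parsed');
    }
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!isset($cfg[$key]) || $cfg[$key] === '') {
            throw new RuntimeException("missing setting: $key");
        }
    }
    return $cfg;
}

function db_connect(array $cfg): mysqli
{
    // Throw exceptions instead of emitting warnings that may echo connection details.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    return new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
}

$cfg = load_db_config('/etc/myapp/db.ini', $_SERVER['DOCUMENT_ROOT'] ?? '');
$db  = db_connect($cfg);
```

The file still has to be readable by the account PHP runs as, so the checks narrow who else can read it rather than hiding it from PHP itself.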
