1. SSL will encrypt the data sent between the browser and the server, 2. Depending on the database, it should have it's own authentication mechanism which the PHP script needs to pass before the database will allow access. 3. Depending on what you need to do, you can limit the use of system username/passwords even more by setting up your own username/password list just for the specific database, which is not part of the database engine itself...
I might be goin too far ahead of myself, but those are some options.. On Wednesday 09 October 2002 12:17, Anup wrote: > I belive you can have the file atleast one directory below your root web > folder (so web surfers have no access, just your script). Also since the > HTML->PHP is unsecure over HTTP, look into HTTPS , I believe this is > related to SSL (Secure Socket Layer). Without SSL, you will be POSTing your > user/pass enter from the HTML form in plain text, which is always a target > for packet sniffers. > > Hopefully that will shed some light, BUT I myself am not familiar with SSL > so please check with a more experienced/knowledged person. > > "Roman Duriancik" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > If I want to secure the access to the database by asking for passwd, what > > should I do ? I suppose I need a secure connection to transfer the > > username > > > and passwd between HTML form and the script - how do I make that ? > > How do I secure the database file with passwords and user names so that > > it cannot be accessed by anyone, just by allowed users ? > > > > thank you > > roman -- Vidyut Luther Linuxpowered, Inc http://www.linuxpowered.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
