At 06:11 PM 12/9/2001 +0000, you wrote:
>I found the problem.
>
>There was a problem with FTP security, and a member decided to look in my
>PHP files and find my MySQL password. He then, obviously, used that MySQL
>password to trash our database.
>
>Mystery solved.
>
>- Jefferrs
A good way to help avoid this is to have all of your database connections
done via include files, and make the include file reside outside the domain
of any servers (i/e web, FTP, etc).
So a page on my site may say something like:
require('/path/to/file/dbconnect.php');
Where that path resides outside the web server and any other server's
accessible areas.
-Mike
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
