[Phpwm] Basic PHP Query (Very basic!)

Phil Beynon phil at infolinkelectronics.co.uk
Thu Apr 27 16:49:39 BST 2006


> > The best way really to manage site database passwords is to have an included
> > file which holds bits like passwords and configuration settings such as
> > siteadmin's email addresses in a different subdirectory, with some form of
> > index file in there so no one can see what it's called.
>
> I prefer to have a file called e.g. config.php which looks like :
>
> <?php
> $username = "bar";
> $password = "foo";
> $email = "spam at yahoo.com";
> // ....
> ?>
>
> You can then load the config in all scripts by doing a simple :
> require_once("config.php");
>
>
> Even if someone can guess the right file name, they won't be able to see
> the contents as php will interpret the file, and output nothing.
>
> Just don't call the file config.inc, as this will normally be returned
> to the browser as a text file - allowing anyone to see the contents
> (once they guess the name that is).
>
> Calling the file something like config.php makes it obvious to a
> maintainer what it does, is easy to find (and almost a de facto standard).
>
>
> Hiding a file in a 'random' directory provides no real security, and
> index files provide only moderate protection - if your app is
> distributed to many people a (cr|h)acker would eventually cotton on and
> know where to look.
>
> David.
>
> --
> David Goodwin
>
> [ david at codepoets dot co dot uk ]
> [ http://www.codepoets.co.uk       ]
>

Yep that's exactly what I meant, but David wrote it much better! Thanks
David!

Regards,

Phil Beynon
Sales director

** http://www.diygear.com THE Online DIY Toolstore For DIY & Business
** Infolink Electronic Systems Ltd. http://www.infolinkelectronics.co.uk
** Professional Web Design & Cobalt Hosting Solutions
** Contact: Sales at infolinkelectronics.co.uk
** Tel / Fax 0121 458 4894 (office) 0121 441 3558 (home) 07801 548464 (mobile)
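
The point made in the quoted reply (a config.inc is returned to the browser as text, a config.php is not, and a "random" directory does not change that) can be checked on a site with a short audit script. This is an added example, not part of the original thread; the function names, the credential pattern, the sample tree, and the assumption that only `.php` is handed to the PHP interpreter are all illustrative.

```python
import os
import re
import tempfile

# Assumption: the web server passes only these extensions to PHP; any other
# file under the document root is returned to the browser as plain text.
PHP_HANDLED = {".php"}

# Matches PHP assignments such as  $password = "foo";
SECRET_ASSIGNMENT = re.compile(
    r"""\$\w*(?:pass(?:word|wd)?|secret|api_?key)\w*\s*=\s*["'][^"']+["']""",
    re.IGNORECASE)

def find_exposed_configs(docroot, handled=PHP_HANDLED):
    """Return sorted docroot-relative paths of files holding PHP credential
    assignments whose extension is not interpreted by PHP."""
    exposed = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in handled:
                continue  # interpreted by PHP, so the source is not sent
            path = os.path.join(folder, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read(65536)  # config files are small
            except OSError:
                continue  # unreadable file: nothing to report
            if "<?php" in text and SECRET_ASSIGNMENT.search(text):
                rel = os.path.relpath(path, docroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_docroot(root):
    """Constructed sample tree mirroring the cases discussed in the thread."""
    body = '<?php\n$username = "bar";\n$password = "foo";\n?>\n'
    layout = {
        "config.php": body,          # interpreted, outputs nothing
        "config.inc": body,          # served as text
        "x7f3/settings.inc": body,   # 'random' directory with an index file
        "x7f3/index.html": "",
        "readme.txt": "no secrets here\n",
    }
    for rel, content in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_docroot(tmp)
        for rel in find_exposed_configs(tmp):
            print("served as plain text:", rel)
```

Point `find_exposed_configs` at a real document root and adjust `PHP_HANDLED` to match the extensions the server actually maps to PHP.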



