[Phpwm] Basic PHP Query (Very basic!)

Justin Joyce justin.joyce at cit.coop
Thu Apr 27 16:52:18 BST 2006


Thanks guys - great bit of advice (is this good etiquette to post
'thanks' messages? Possibly clogging up people's boxes?)

Justin


-----Original Message-----
From: phpwm-bounces at mailman.lug.org.uk
[mailto:phpwm-bounces at mailman.lug.org.uk] On Behalf Of Phil Beynon
Sent: 27 April 2006 16:49
To: phpwm at mailman.lug.org.uk
Subject: RE: [Phpwm] Basic PHP Query (Very basic!)

> > The best way really to manage site database passwords is to have an
> > included file which holds bits like passwords and configuration
> > settings such as siteadmin's email addresses in a different
> > subdirectory, with some form of index file in there so no one can see
> > what it's called.
>
> I prefer to have a file called e.g. config.php which looks like :
>
> <?php
> $username = "bar";
> $password = "foo";
> $email = "spam at yahoo.com";
> ....
> ?>
>
> You can then load the config in all scripts by doing a simple :
> require_once("config.php");
>
>
> Even if someone can guess the right file name, they won't be able to 
> see the contents as php will interpret the file, and output nothing.
>
> Just don't call the file config.inc, as this will normally be returned
> to the browser as a text file - allowing anyone to see the contents
> (once they guess the name that is).
>
> Calling the file something like config.php makes it obvious to a
> maintainer what it does, is easy to find (and almost a de facto
> standard).
>
>
> Hiding a file in a 'random' directory provides no real security, and 
> index files provide only moderate protection - if your app is 
> distributed to many people a (cr|h)acker would eventually cotton on 
> and know where to look.
>
> David.
>
> --
> David Goodwin
>
> [ david at codepoets dot co dot uk ]
> [ http://www.codepoets.co.uk       ]
>

Yep that's exactly what I meant, but David wrote it much better! Thanks
David!

Regards,

Phil Beynon
Sales director

** http://www.diygear.com THE Online DIY Toolstore For DIY & Business
** Infolink Electronic Systems Ltd. http://www.infolinkelectronics.co.uk
** Professional Web Design & Cobalt Hosting Solutions
** Contact: Sales at infolinkelectronics.co.uk
** Tel / Fax 0121 458 4894 (office) 0121 441 3558 (home) 07801 548464
(mobile)
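
An added example, not part of the original thread: a Python audit for the config.inc point quoted above. It walks a document root and lists files that contain PHP source but have an extension the server would return as text. The assumption that only `.php` is mapped to the interpreter, the function names and the sample tree are all constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the web server hands only these extensions to the PHP
# interpreter; any other file under the document root is returned as-is.
PHP_HANDLED = {".php"}

PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=|\s)", re.IGNORECASE)
# Heuristic for settings worth hiding, e.g. $password = "foo";
CREDENTIAL = re.compile(rb"\$\w*(pass|pwd|secret|user)\w*\s*=", re.IGNORECASE)


def find_exposed_includes(docroot, handled=PHP_HANDLED):
    """Return sorted (relative_path, has_credentials) for PHP source that
    a direct request would receive as plain text."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in handled:
                continue  # interpreted: a direct request outputs nothing
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(65536)
            if PHP_OPEN_TAG.search(data):
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                findings.append((rel, bool(CREDENTIAL.search(data))))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it."""
    config = b'<?php\n$username = "bar";\n$password = "foo";\n?>\n'
    samples = {
        "config.php": config,                  # interpreted, not flagged
        "config.inc": config,                  # served as text
        "x7f3/settings.inc": config,           # 'random' directory, still served
        "x7f3/index.html": b"<html></html>",   # index file hides only the listing
        "lib/functions.inc": b"<?php function f() {} ?>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return find_exposed_includes(root)


if __name__ == "__main__":
    for rel, has_credentials in demo():
        print(("CREDENTIALS " if has_credentials else "source      ") + rel)
```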

