Need help protecting contents of a file
Posted: Sun Oct 19, 2003 4:20 am
Hello there.. I am setting up a PHP script for a site on my server. One of the files in that script, config.inc.php contains this code:
This config.inc.php contains the info needed to connect to MySQL. On my website however, the same userid and password used to login to MySQL is also the same userid and password to login to my websites control Enism Control Panel to admin the website.
So, all someone has to do is save this file to their HD using a web coping software, then open the file, get my login userid and pass, and goto http://www.mydomain.com/admin , and they can get into my control panel for the site. I have had this done before. Someone used a website copying software, copied everything off my website, got my userid and password and was able access my site. So, I am trying to hide or protect this info to keep it safe.
I have tried placing the file with the login info outside of my websites webroot, but I cannot get PHP to read files outside of the webroot.
I have placed the file in “c:/php/incudes” and added that to the “include_file” setting in my php,ini file, and then tried to include the file in my scripts and that did not work.
I tried to encode my file with the Zend Encoder, but when I tried to install Zend Optimizer, I could not get it to work on my Windoze2k3 system.
How can I protect my login info yet still be able to use it in my scripts? Any ideas?
Thanks in advance…
CyberSpatium
Code: Select all
<?php
# setup database
$host = “localhost”;
$user = “username”;
$pass = “password”;
$db = “database”;
?>So, all someone has to do is save this file to their HD using a web coping software, then open the file, get my login userid and pass, and goto http://www.mydomain.com/admin , and they can get into my control panel for the site. I have had this done before. Someone used a website copying software, copied everything off my website, got my userid and password and was able access my site. So, I am trying to hide or protect this info to keep it safe.
I have tried placing the file with the login info outside of my websites webroot, but I cannot get PHP to read files outside of the webroot.
I have placed the file in “c:/php/incudes” and added that to the “include_file” setting in my php,ini file, and then tried to include the file in my scripts and that did not work.
I tried to encode my file with the Zend Encoder, but when I tried to install Zend Optimizer, I could not get it to work on my Windoze2k3 system.
How can I protect my login info yet still be able to use it in my scripts? Any ideas?
Thanks in advance…
CyberSpatium