Hi there,
Still learning the art of PHP and looking for some guidance...
I have created a Content Management System for a site that I am working on - the whole site is based on dynamic content. The problem I have is that currently my database login info is in a file that I include in all scripts that require the database. It just holds a persistant connection with my username and password. I realise that this is not secure as this file is within a 'web' folder.
What is the most common solution to this kind of problem, is it a permission thing, or can the file be placed in a non-web folder and accessed from there?????...................
Any help would be great...
Regards,
Naz
Security in PHP scripts containing MySQL login info..
Moderator: General Moderators
- Sevengraff
- Forum Contributor
- Posts: 232
- Joined: Thu Apr 25, 2002 9:34 pm
- Location: California USA
- Contact:
Put the dlid in a folder protected by .htaccess (deny from all).
Your scripts can still include it, but no-one can open it to get your server connection name & pass.
You might want also want to disable ftp access for this folder. I'm embarassed to say I'm a bit unclear about that one since any site I've worked has never used ftp downloads.
So how did I become a "programmer"? Well...
Your scripts can still include it, but no-one can open it to get your server connection name & pass.
You might want also want to disable ftp access for this folder. I'm embarassed to say I'm a bit unclear about that one since any site I've worked has never used ftp downloads.
So how did I become a "programmer"? Well...