Page 1 of 1
Where and how do you store SQL variables on your website?
Posted: Sat Apr 12, 2003 8:42 pm
by MattSharp
I need to store some variables for accessing my SQL database. I don't know where a good place is to store them to be as secure as possible.
Thanks.
Posted: Sat Apr 12, 2003 11:29 pm
by McGruff
You mean the name & pass used to connect to the mysql server?
Put a connection script in a folder protected by .htaccess "deny from all" and include it wherever it's needed.
It could be a good idea to create different mysql users with different privileges granting ordinary site visitors fewer privileges than admin users - just what they need and no more.
Posted: Sun Apr 13, 2003 12:02 am
by MattSharp
So if its included somewhere in a protected directory, then your php sites can still access it but nothing else can?
Posted: Sun Apr 13, 2003 1:10 am
by McGruff
Php scripts can include() the file OK but it cannot be opened directly.
Posted: Sun Apr 13, 2003 2:25 am
by m3mn0n
That's hyper secure

, i just leave the variables in the regular directory but change the
chmod() permissions.
Posted: Thu Apr 24, 2003 9:38 am
by MattSharp
Oromian wrote:That's hyper secure

, i just leave the variables in the regular directory but change the
chmod() permissions.
So do you like change the permissions on the fly? Like at the top of the file? Does that make it so that people can't see it or what?