Where a given script needs to interact with a database without user intervention, except for the page request (say, for an image gallery or other list of data), the script needs to pass the correct credentials to the database to obtain the required information.
I've looked around and, assuming that one does not have the option of storing the information outside of the publicly accessible webroot, the next best thing seems to be to protect the data with .htaccess, as described here: http://www.si.umich.edu/computing/howto ... curity.php or here: viewtopic.php?t=6680
Is this reasonably effective security or is there a better (and not excessively complicated) way to accomplish this?
AGISB wrote: Why can't you store the info outside the web accessible area?
Simply use an include to a file outside the accessible area in which those connection details are set.
It's a hosted server so I only have ftp access to the web directory.
The next important thing is that the db username and password is only set to what the web application needs to do.
a) Nobody should ever see your php code since it's parsed by the ser
b) When you FTP to your host you surely have access to more than the public_html dir?
d11wtq wrote: a) Nobody should ever see your php code since it's parsed by the ser
b) When you FTP to your host you surely have access to more than the public_html dir?
Use ../ if you need to go up a level
I tried "../" before and received "Permission Denied" as a response - from there I just assumed I had no access to anything above public_html.
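
The two options discussed in this thread (an include kept above the web root, with an .htaccess-protected directory as the fallback), as an added example that is not code from any of the posters. The `private/db.php` paths, the array keys and both function names are assumptions for illustration.

```php
<?php
// Added example; file locations, array keys and function names are assumed.

/** True when $file resolves (symlinks followed) to a path inside $docRoot. */
function is_under_docroot(string $file, string $docRoot): bool
{
    $file = realpath($file);
    $root = realpath($docRoot);
    if ($file === false || $root === false) {
        return false;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($file, $root, strlen($root)) === 0;
}

/**
 * Load DB settings from the first readable candidate file. Each file holds only
 *   <?php return ['dsn' => '...', 'user' => '...', 'pass' => '...'];
 * so a direct request that PHP still parses produces no output.
 */
function load_db_config(array $candidates, string $docRoot): array
{
    foreach ($candidates as $path) {
        if (!is_readable($path)) {
            continue; // e.g. no access above public_html on a shared host
        }
        // Inside the web root only server configuration keeps the file private:
        // expect an .htaccess beside it containing "Require all denied"
        // (Apache 2.4) or "Deny from all" (Apache 2.2). Presence check only.
        if (is_under_docroot($path, $docRoot) && !is_file(dirname($path) . '/.htaccess')) {
            throw new RuntimeException('Config is inside the web root without .htaccess');
        }
        $cfg = require $path;
        if (!is_array($cfg) || !isset($cfg['dsn'], $cfg['user'], $cfg['pass'])) {
            throw new RuntimeException('Config file did not return the expected array');
        }
        return $cfg;
    }
    throw new RuntimeException('No database config file found');
}

$docRoot = ($_SERVER['DOCUMENT_ROOT'] ?? '') ?: __DIR__;
try {
    $cfg = load_db_config([
        dirname($docRoot) . '/private/db.php', // preferred: above the web root
        $docRoot . '/private/db.php',          // fallback: protected by .htaccess
    ], $docRoot);
    // Use an account limited to what the page needs (e.g. SELECT for a gallery).
    $pdo = new PDO($cfg['dsn'], $cfg['user'], $cfg['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
} catch (Throwable $e) {
    error_log($e->getMessage()); // details go to the log, never to the response
    http_response_code(500);
}
```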