Database access: Protecting a username/password?
Posted: Thu Apr 14, 2005 9:30 pm
In the context of the following:
where a given script needs to interact with a database without user invervention, except for the page request, (say, for an image gallery or other list of data) the script needs to pass the correct credentials to the database to obtain the required information.
I've looked around and, assuming that one does not have the option of storing the information outside of the publicly accessible webroot, the next best thing seems to be to protect the data with .htaccess, as described here: http://www.si.umich.edu/computing/howto ... curity.php or here: viewtopic.php?t=6680
Is this reasonably effective security or is there a better (and not excessively complicated) way to accomplish this?
Code: Select all
$connect_to_database=mysql_connect($sql_server, $db_user, $password);I've looked around and, assuming that one does not have the option of storing the information outside of the publicly accessible webroot, the next best thing seems to be to protect the data with .htaccess, as described here: http://www.si.umich.edu/computing/howto ... curity.php or here: viewtopic.php?t=6680
Is this reasonably effective security or is there a better (and not excessively complicated) way to accomplish this?