keeping variables secret...

richblend

ok, the subject was a bit misleading cos its hard to descibe. I have a large hosting package, clients websites are going to be held at www.mysite.com/clientsite. all clients sites will be running from one mySQL database. So the databse info (password, user etc) needs to be accessable by the clients site. ok thats cool.

heres the thing

i want to grant users FTP access to their sites so they can make small modifications. however, i dont want them to be able to read the db info (cos then theyd have access to the db, and could mess stuff up). is there any way i can keep these secret from them?

sarahk

You may be able to give them ftp access to specific folders but in their code when they want db access they have to call an "external" script.

example

on my site I have

/www/virtual/myaccount/htdocs/index.php

but my database setup is at

/www/virtual/myaccount/includes/dbstuff.php

now, anyone with a browser can get to the first page and any file there but noone can get to the includes folder unless they are using a script on the server.

So, if your users had to

include('/www/virtual/myaccount/includes/dbstuff.php');

then they'd still get the database but not the passwords etc.

-- make sure you don't put the username and password in variables or they will be able to echo them out.