Security Question

Anon

I'm a new php user. I'm using PHP4 with mySQL. My question is that: In order to connect to my database I have to enter my l/p, is it possible for someone to d/l the .php (not view source since it won't show but to d/l the actual page to the HD) and view my login/password?

If so what can I do against it?

Thanks,

Anon

Hi,

As long as your webserver is configured to send files with the extension .php through the php-module that would not be possible. Still, we cannot rely on that since our server could go bananas and send the php-source as plain text. I prefer to place passwords in a file outside the http-root and use include().

Johan

Anon

Yes, and also make sure other people on the server don't have access to the script(s).