entering mysql with php

Anon

My problem is that i want to make updates on my database in mysql using php. To do this i have to open a conection to mysql server using php. But to do this i use the command:
mysql_pconnect(localhost,user,password). this php file has permissions 711. But this way, "anyone using my server and other people" can see my password, by editing the file. And if i use no password with my sql database, it's even worst, right? Can someone help me ?? thanks

Pedro Vasconcelos

brandonschnell

your choices are bad and worse.

typically your best bet is if no one else uses the server. in that case you can create a php file with the mysql username/password as variables, move it out of the apache root, and include the file at the start of any php file that needs to make mysql db calls.

but this means that anyone who can telnet to the machine can also read the include file with username & passwords. someone else on this board (can't remember the nick right now, you know who you are) had the suggestion that the host can run a seperate instance of apache for each user. when apache starts up it would read a protected file in the users home directory that only the user has access to and set the mysql username/password as apache environmental variables. but most isps aren't likely to do this as they're more concerned about profit then they are security with their el cheapo hosting accounts.

Anon

Zend has an encoder product that convert the php files to binary. This may be the best bet. www.zend.com

losang

[deleted]

If you can afford it....$2400

losang

There is a subscription based package that includes the encoder for $50/month

Anon

Why not prompt the user (you) for the password then pass the answer to mysql_pconnect?