Security on website construction

Anon

Dear all,

I would like to buid a webite which is run using mysql database. One of the files contains login and password to open the database. Where should this file be placed, in security consideration, since hackers are everywhere. Anyway, please give me some general idea or remarks to be considered for all files' configuration. Thanks a lot.

Sincerely yours,
Simon

Anon

Dear Simon,

When a hacker breaks into a server, it doesnt matter where the database login script is...u see
i wud advise u store the login name and password in a file that you read in all your scripts....this will save u the effort to change files when u change the database login and password...also the login name and password will be at one place....

i hope i have solved u r queries...

thefury

Just make sure you keep the passwords md5ed and your mysql user account is only usable threw the web host.

You can make a very secure login system with out being a rocket scientist.

Anon

also remember to name use a .php (or whatever scripting language you use) extension beacuse if you use .inc, which is popular for include files, you could see the content of that file in a web browser,if you would enter its url for some reason...

Anon

Yeh fair enough but surely you could just save the website and open it in say dreamweaver and view the php that way! I know this because i learnt a lot of php tricks by viewing other authors code! dont worry i aint a cracker though! dont have the brains for that!

Anon

na, ya cant do that since the php code is processed on the webserver and only the html code is sent to the browser...