mysql_connect insecure?

Anon

Hello --

On my site, I plan to have many mysql databases being displayed with PHP code. However, although the actual mysql program is secure with the databases root creates, anyone can make a call like:

mysql_connect("somedatabase","root")

and it will work .. how do I make it so that only people that use

mysql_connect("somedatabase","root","rootspassword")

will be able to get at the database? From what I can tell, user "apache" is running Apache, on my Mandrake 8.1 box.

Thanks in Advance,

Joe Drago

thefury

as long as your account is set only to accept localhost, no one can connect out side of it.

make a file thats in some weird folder with a .php on it that stores your account info in vars. then include it with a @ infront to shutup any errors saying where that file is.

As good as it gets right there.

You gota make sure your php doesnt have any holes in it, thats the only real risk

Anon

The main concern I have is that other people that log into my machine will have the ability to create PHP files that access "root" databases. I am not concerned with web users.

Any ideas?

Joe Drago