Home > Archive > PHP DB > July 2005 > RE: [PHP-DB] mysql_connect($server,$user,$password);
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
RE: [PHP-DB] mysql_connect($server,$user,$password);
|
|
| Miguel Guirao 2005-07-27, 5:02 pm |
|
Remember that PHP is a server-side scripting language, so all PHP code is
parsed at the server side and you will never see the code but the results,
second, the .php files should have permissions that do not allow direct
acces to them, but thru the web browser!!
So, basically there is no problem with those parameters used to connect to
the DB
Chicolinux
-----Original Message-----
From: Chuck Han [mailto:csh@stanfordalumni.org]
Sent: Miércoles, 27 de Julio de 2005 03:41 p.m.
To: php-db@lists.php.net
Subject: [PHP-DB] mysql_connect($server,$user,$password);
Much of the password discussion I've seen revolves around encrypting the
user-supplied password, but what about the user/password used to make the
initial connection? In other words, I'm assuming that the .php file has the
initial user and password right in the text in order to make the connection.
Is there a way around this, because it seems very insecure to me that these
parameters would be in the .php source. Or is the .php source supposedly
not readable?
thanks, Chuck
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Este mensaje es exclusivamente para el uso de la persona o entidad a quien esta dirigido; contiene informacion estrictamente confidencial y legalmente protegida, cuya divulgacion es sancionada por la ley. Si el lector de este mensaje no es a quien esta di
rigido, ni se trata del empleado o agente responsable de esta informacion, se le notifica por medio del presente, que su reproduccion y distribucion, esta estrictamente prohibida. Si Usted recibio este comunicado por error, favor de notificarlo inmediatam
ente al remitente y destruir el mensaje. Todas las opiniones contenidas en este mail son propias del autor del mensaje y no necesariamente coinciden con las de Radiomovil Dipsa, S.A. de C.V. o alguna de sus empresas controladas, controladoras, afiliadas y
subsidiarias. Este mensaje intencionalmente no contiene acentos.
This message is for the sole use of the person or entity to whom it is being sent. Therefore, it contains strictly confidential and legally protected material whose disclosure is subject to penalty by law. If the person reading this message is not the o
ne to whom it is being sent and/or is not an employee or the responsible agent for this information, this person is herein notified that any unauthorized dissemination, distribution or copying of the materials included in this facsimile is strictly prohib
ited. If you received this document by mistake please notify immediately to the subscriber and destroy the message. Any opinions contained in this e-mail are those of the author of the message and do not necessarily coincide with those of Radiomovil Dip
sa, S.A. de C.V. or any of its control, controlled, affiliates and subsidiaries companies. No part of this message or attachments may be used or reproduced in any manner whatsoever.
|
|
|
|
|