For Programmers: Free Programming Magazines  


Home > Archive > PHP Language > March 2006 > how to prevent REading source with browser









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author how to prevent REading source with browser
Mark@home

2006-03-08, 6:56 pm

Can anyone tell me how i can prevent that users can see my connection string
to mysql database?

Using my browser i could easely use the function: view source.....showing
the html/php code.

IF the file includes the connection string than anyone could see my database
name and password.....

How can i prevent this??

Please help.
Mark


Johannes Wienke

2006-03-08, 6:56 pm

Am 08.03.2006 17:10 schrieb Mark@home:
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....showing
> the html/php code.

No, noone can see the php-code, because the server executes it before it
is sent to the client.

> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??

Not nessecary, because of the fact I mentioned above.
Ben Bacarisse

2006-03-08, 6:56 pm

On Wed, 08 Mar 2006 17:10:38 +0100, Mark@home wrote:

> Can anyone tell me how i can prevent that users can see my connection
> string to mysql database?

And you multi-posted rather than crossposted to at least comp.lang.php.
This is considered bad form -- answers you get there will not be seen here
and so people here will duplicate effort trying to help you.

--
Ben.
Christian Hansel

2006-03-09, 7:55 am

johan wrote:

> On Wed, 08 Mar 2006 17:24:52 +0100, Johannes Wienke wrote:
>

Execpt you try to run embedded php (inside HTML) on a server which actually
doesn't allow to run php at all. Otherwise script source shouldn't be
visible
[color=darkred]
>
> At least when the server is well configured.(it could be broken for many
> reasons)
> It should be good practice to put the configuration files outside
> of the DocumentRoot and make them end with .inc.php for instance. Good
> providers should provide a FTP accessible area outside of the DocumentRoot
> of the virtual host.
> If you are running your own server, you rule of course !
>
> Johan

Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com