Can anyone tell me how i can prevent that users can see my connection string
to mysql database?
Using my browser i could easely use the function: view source.....showing
the html/php code.
IF the file includes the connection string than anyone could see my database
name and password.....
How can i prevent this??
Please help.
Mark
In article
"Mark@home"
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....showing
> the html/php code.
>
> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??
>
> Please help.
> Mark
If the server is set up properly no php code will be sent to the
browser... php is a server side scripting language that is processed on
the server and should never get sent to the browser when a page is
requested.
Al.
--
Alan Cole. E-mail: justal at lineone dot net
http://www.forces-of-nature.co.uk [Coastal Sports]
http://www.pixelwave.co.uk [Website Design, hosting and promotion]
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
>
> Using my browser i could easely use the function: view source.....showing
> the html/php code.
>
> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??
Well, why don't you actually try viewing the source of the output
created by your PHP script and see what is there.
Anything useful to see? If there is, you put it there so take it out.
---
Steve
Thanks Alan ...this is the answer i was looking for...hehe
i am a newbee...as you well guessed...lol
Now i can stop worrying on security and start designing and learning....my
webpage with sql ( read only)
"Alan Cole"
news:justal-9C4347.16103308032006@nntp-readers.plus.net...
> In article
> "Mark@home"
>
>> Can anyone tell me how i can prevent that users can see my connection
>> string
>> to mysql database?
>>
>> Using my browser i could easely use the function: view
>> source.....showing
>> the html/php code.
>>
>> IF the file includes the connection string than anyone could see my
>> database
>> name and password.....
>>
>> How can i prevent this??
>>
>> Please help.
>> Mark
>
> If the server is set up properly no php code will be sent to the
> browser... php is a server side scripting language that is processed on
> the server and should never get sent to the browser when a page is
> requested.
>
> Al.
>
> --
> Alan Cole. E-mail: justal at lineone dot net
> http://www.forces-of-nature.co.uk [Coastal Sports]
> http://www.pixelwave.co.uk [Website Design, hosting and promotion]
Mark@home wrote:
> Can anyone tell me how i can prevent that users can see my connection string
> to mysql database?
You see to that the page is processed by php and you avoid
echo "secret data: mysql_connect('example.com:3307', 'mysql_user',
'mysql_password')";
> Using my browser i could easely use the function: view source.....showing
> the html/php code.
Have you ever tried to look at the "source" of a processed php script?
> IF the file includes the connection string than anyone could see my database
> name and password.....
>
> How can i prevent this??
Include files should end with php, eg myfile.inc.php
myfile.php
If you let the php files end with .inc (or anything else than php), then you
need to modify your server settings, so that the include files are processed, eg
AddType application/x-httpd-php .inc
//Aho
Mark@home wrote:
> Thanks Alan ...this is the answer i was looking for...hehe
> i am a newbee...as you well guessed...lol
> Now i can stop worrying on security and start designing and learning....
Absolutely not. Thinking the code you write would be sent to the
browser has nothing to do with security, it's simply a misunderstanding
of the technology.
You have much to learn about code security if you want to keep your ISP
happy and web site showing content you intended to be there.
Anyway, good luck with your future PHP development.