Yes that is what I mean, but also When I played with my Apache I
saw ALL my information on the screen without any error message.
Actually it maybe that my PHP server was down at that moment
as well, well, I must check it up
Youri
On 7 Aug 2001, at 13:00, Bjorn Van Simaeys wrote:
> Hi,
>
>
> I think BRACK a.k.a. Jouri means that the connection
> string (from the PHP pages) would be visible in the
> client's browser once the SQL server stops running.
> However, I am not so sure about this as all commands
> are processed on the server - it will, however display
> an error message that the SQL server is inaccessible.
>
>
> Greetz,
> Bjorn Van Simaeys
> www.bvsenterprises.com
>
>
>
> --- Tyler Longren <[EMAIL PROTECTED]> wrote:
> > If the SQL server is down how will he hack it?
> > That's like hacking a
> > webserver that doesn't exist.
> >
> > Tyler Longren
> > Captain Jack Communications
> > [EMAIL PROTECTED]
> > www.captainjack.com
> >
> >
> > On Tue, 7 Aug 2001 21:35:58 +0200
> > "BRACK" <[EMAIL PROTECTED]> wrote:
> >
> > > I just wanned to bring the issue of security of
> > MySQL connection:
> > >
> > > Let us imagine that SQL server was down for some
> > hours (of
> > > course without us knowing it) and at the same
> > hours our SQL site
> > > was visited by some kind of hacker, he can see on
> > his screen all
> > > our SQL connection info like username, password,
> > and database
> > > name. You may hide this information in different
> > file than the file
> > > that your users open then the hacker will see
> > something like
> > > "include("connect.inc");" or
> > "require("connect.inc");" (of course IF
> > > server is down). So you may only imagine the
> > consequences of
> > > this visit of the hacker. What can we do to
> > protect our sensitive
> > > information if SQL server is down?
> > >
> > > Youri
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo! Messenger
> http://phonecard.yahoo.com/
>
<>< <>< <>< <>< God is our provider ><> ><> ><> ><>
http://www.body-builders.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
