Hey Youri,
Could you let us know what file extension you use for
you php files? And give us the exact code/error
message you get on screen. Of course you can hide your
username/pass with xxxxx.
Thanks
Bjorn Van Simaeys
www.bvsenterprises.com
--- Matthew Loff <[EMAIL PROTECTED]> wrote:
>
> How exactly is the username/password from the
> mysql_connect() call shown
> to the browser?
>
> I normally just get a PHP error when the db
> connection can't be made.
> No code is shown, just a line number. If, in your
> case, PHP dumps the
> source code to the browser window when the db
> connection won't work,
> then something has to be wrong. :)
>
> --Matt
>
>
> -----Original Message-----
> From: BRACK [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 09, 2001 5:57 AM
> To: Attila Strauss
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] MySQL connection
>
>
> I have tested again what I said yesterday and found
> that if I have
> problems in PHP support in Apache then all my
> information
> (username and password) are seing simly on the
> screen, so it's not
> about dead SQL server but PHP.
>
> However, I went through all docs that I have on this
> topic and found
> that the only solution of this is to put included
> "connect.php/inc"
> outside of htdocs directory and configure your
> php.ini such a way
> that one outsider directory would be accepted and
> only by php call.
>
> Hope I didn't mess up this time so you are able to
> understand what
> I mean... =))
>
> Thank you for the help anyway, just be aware of
> this PHP prob
> when you pick up provider.
>
> Youri
> On 8 Aug 2001, at 19:33, Attila Strauss wrote:
>
> > hi,
> >
> > there are 2 ways.
> >
> > 1. you hardcore the user/password in the php.ini
> file.
> > 2. u do a simply error checking like :
> >
> > <?php
> > $connect = mysql_connect($host, $user, $pass);
> > if(!$connect)
> > {
> > print "connection failed";
> > }
> >
> > ?>
> >
> > of course you could also do like kinda
> header("Location:
> http://host";); instead of print "connection
> failed".
> >
> > i hope i could help you.
> >
> > best regards
> > attila strauss
> >
> >
> >
> >
> > > Hey Jouri,
> > >
> > >
> > > I don't agree with this one. I tested it out on
> my localhost and got
>
> > > the two error messages I told you I was going to
> get:
> > >
> > > Warning: Unknown MySQL Server Host...
> > > Warning: MySQL Connection Failed...
> > >
> > > No usernames/passwords. I have to say however
> that I
> > > always include my connect.php file. Maybe that's
> a
> > > secure way to connect without anyone seeing your
> > > password in case of sqlserver problems.
> > >
> > >
> > > Greetz,
> > > Bjorn Van Simaeys
> > > www.bvsenterprises.com
> > >
> > >
> > >
> > >
> > > --- BRACK <[EMAIL PROTECTED]> wrote:
> > > > If you have Apache and MySQL servers make this
> > > > experiment -
> > > > start Apache but "forget" to start SQL and go
> to
> > > > your site
> > > > http://localhost/... you will see yourself all
> the
> > > > information on the
> > > > screen.
> > > >
> > > > Youri
> > > >
> > > > On 7 Aug 2001, at 12:53, Ryan Christensen
> wrote:
> > > >
> > > > > I'm curious as to how the "hacker" would see
> all
> > > > this information (the
> > > > > username.. password, etc..) just by going to
> a
> > > > site where the SQL backend
> > > > > was down?
> > > > >
> > > > > Ryan
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: BRACK [mailto:[EMAIL PROTECTED]]
> > > > > > Sent: Tuesday, August 07, 2001 12:36 PM
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: [PHP] MySQL connection
> > > > > >
> > > > > >
> > > > > > I just wanned to bring the issue of
> security of
> > > > MySQL connection:
> > > > > >
> > > > > > Let us imagine that SQL server was down
> for some
> > > > hours (of
> > > > > > course without us knowing it) and at the
> same
> > > > hours our SQL site
> > > > > > was visited by some kind of hacker, he can
> s
> > ee
> > > > on his screen all
> > > > > > our SQL connection info like username,
> > > > password, and database
> > > > > > name. You may hide this information in
> different
> > > > file than the file
> > > > > > that your users open then the hacker will
> see
> > > > something like
> > > > > > "include("connect.inc");" or
> > > > "require("connect.inc");" (of course IF
> > > > > > server is down). So you may only imagine
> the
> > > > consequences of
> > > > > > this visit of the hacker. What can we do
> to
> > > > protect our sensitive
> > > > > > information if SQL server is down?
> > > > > >
> > > > > > Youri
> > > > > >
> > > > > > --
> > > > > > PHP General Mailing List
> (http://www.php.net/)
> > > > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > > To contact the list administrators,
> e-mail:
> > > > [EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > > > For additional commands, e-mail:
> > > > [EMAIL PROTECTED]
> > > > To contact the list administrators, e-mail:
> > > > [EMAIL PROTECTED]
> > > >
>
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
