Actually, there is Banother way and you should consider it.
Sensitive information like passwords should be kept in a file stored outside the live web content directory (ie, outside DocumentRoot on Apache). This file can then be included in your main file. This way, you can be sure that a misconfigured Apache (accidentally or otherwise) will never send your php scripts out as plain text. This doesn't solve the problem of other users on the same system snooping around your filesystem, though. All the MySQL advice is good advice. Michael On Thu, 18 Jul 2002, Tyler Longren wrote: > It's fine. There's no other way to do it really. Somebody would have > to be able to see the source to the php file before they could see the > password for mysql. They won't get it just by viewing the webpage > that's already been parsed by php. > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
