I tend to store passwords in mysql as hashed values (usually md5), and if I
am using scripts to connect to the database name that file (for example)
connect.inc and add an .htaccess file to stop user download of any files
called *.inc. Or store those files outside the web root in the include path.
It's not the "writing them into files" part...
It's the "I'm not sure you know what you are doing and maybe you're
writing them into files inside the webtree or introducing other gross
insecurities" part...
Hope that helps...
On Tue, October 3, 2006 2:39 pm, Deckard wrote:
> Hi Richard,
>
> Rich
Hi Richard,
Richard Lynch wrote:
> First, you're scaring the [bleep] out of me from a security standpoint
> writing mysql passwords into files...
I'm curious.
What would you do ?
No kidding intended. I'm serious.
Warm Regards,
Deckard
--
PHP General Mailing List (http://www.php.net/)
To unsubs
3 matches
Mail list logo
