
munsiem
Storing sensitive information in Environment Variables
munsiem replied to munsiem's topic in PHP Coding Help
I have the file that stores the database connections private - basically the whole framework is sunk except for the public facing files (all models, controllers, views, and sensitive information have been removed from the htdocs). I was just curious if I had stored the database connection using an environment variable if that would be some kind of security issue. The main reason I ask is because earlier I did a phpinfo() and bam there was my database connection lol. I know of course that you wouldn't want to display phpinfo() to not let people know about your settings, but I just wanted to make sure that this wouldn't be as easily accessible anywhere else. I too believe that as long as you hide your sensitive information you would be safe, but I wanted to make sure that this environment variable wasn't going to be a major risk when storing my connections. -
<?php $user = "KingPhilip"; $you = "user"; echo("Hello " . $$you . "!");
-
Hey everyone, my name is Mike. I enjoy writing frameworks, breaking standards, and simplicity. I joined this forum a few years back when I started PHP and have officially come back to start using this service again. I forgot how awesome and informative this was so here I am years later. This is just an informative greeting, cheers to everyone on here!
-
Storing sensitive information in Environment Variables
munsiem replied to munsiem's topic in PHP Coding Help
I am talking more about putenv. What I thought about doing is basically hiding the DB information by storing the info into an environment variable, like the following:

$_ENV['database'] = array("connection" => array("username" => "root", "password" => "password", "hostspec" => "localhost", "database" => "database"));

I thought it might be an interesting idea to hide the sensitive information a bit better, but what do you think? -
I am by no means a security expert, but I would like to know if storing MySQL database information in an environment variable would be a good or bad idea. What are your thoughts?
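Added example, not part of the original posts: one way to keep the connection settings out of `$_ENV` (where the poster saw them printed by phpinfo()) by loading them from a file outside the document root, plus a check for credential-looking names in an environment-style array. The function names `load_db_config` and `secret_like_keys`, the temporary paths and the sample values are hypothetical; POSIX file modes are assumed.

```php
<?php
// Added example (not from the thread). Paths, names and values are constructed.

// Names in an environment-style array that look like credentials; anything
// kept there appears in any dump of that array.
function secret_like_keys(array $env): array
{
    return array_values(array_filter(array_keys($env), function ($name) {
        return preg_match('/pass|secret|token|key|database|dsn/i', (string) $name) === 1;
    }));
}

// Load DB settings from a PHP file that returns an array, refusing a file
// that sits under the document root or is readable by "other" users.
function load_db_config(string $file, string $docRoot): array
{
    $real = realpath($file);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    if (strpos($real, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('config file is inside the document root');
    }
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('config file is world-readable');
    }
    $config = require $real;
    if (!is_array($config) || !isset($config['username'], $config['password'])) {
        throw new RuntimeException('config file did not return DB settings');
    }
    return $config;
}

// Constructed demo tree: htdocs/ with a sibling config/ directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'envdemo_' . getmypid();
mkdir($base . '/htdocs', 0700, true);
mkdir($base . '/config', 0700, true);
$file = $base . '/config/database.php';
file_put_contents($file, "<?php return ['username' => 'app', 'password' => 'example-only', 'hostspec' => 'localhost', 'database' => 'app'];\n");
chmod($file, 0600);

$db = load_db_config($file, $base . '/htdocs');
echo 'loaded settings for user: ', $db['username'], PHP_EOL;

// The layout from the post: the whole connection array parked in $_ENV.
$envLike = ['PATH' => '/usr/bin', 'database' => ['connection' => ['password' => 'example-only']]];
echo 'would show up in an environment dump: ', implode(', ', secret_like_keys($envLike)), PHP_EOL;
```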
-
Hey everyone, I have a question (it's a crazy one) and am hoping to hear some feedback on what I have been developing. Many common MVC frameworks require you to place your website in the root directory of your htdocs folder. If you wanted to add another website (example being maybe a mobile version), you would have to create a sub domain or use clever naming conventions in the controllers and views. I wanted to try and create a way in which I did not have to create a sub domain each time I wanted to create a new site - rather simply just create a new folder and the framework reside and hold multiple applications.

So, the biggest issue is handling the paths of images and front end scripts. Every application has its very own public folder. Before I was used to having everything absolute so you would see:

/app/default/public/img/tedd.jpg

Well when you have multiple sites and applications you end up seeing this:

/site1/app/default/public/img/test.jpg
/site1/app2/default/public/img/test.jpg

Now when you upload that to your server you are going to have to change the paths of all the images and scripts (because surely you wouldn't want to have to create site1 on your server if it's the only site there). Well I decided to test out an interesting way to access the applications public folder by modifying the htaccess folder. So now instead of writing out this absolute path, I would simply say:

_public/img/test.jpg

And that would reference the public folder of the application of which you are viewing. I did this so I could have multiple websites on my server without having to create a subdomain each time (especially since mine limits me - shared hosting lol). That's the basic concept and it's achieved by using the <BASE> tag and getting the directory of which the index.php file lies in (making this the new root folder).

Do you think this is overkill or perhaps something quite interesting? Just wondering because sometimes as a developer you will come across some really crazy ideas and they can either be completely innovative or simply overkill. Here's an example of what I had to do in the .htaccess file:

### CSS RULES ###
RewriteRule ^(.*)/_public/css/_public/(.*)$ apps/$1/_public/$2 [L]
RewriteRule ^(.*)_public/css/_public/(.*)$ apps/_default/_public/$2 [L]
### REGULAR RULES ###
RewriteRule ^(.*)/_public/(.*)$ apps/$1/_public/$2 [L]
RewriteRule ^_public/(.*)$ apps/_default/_public/$1 [L]
RewriteRule ^(.*)/vendors/(.*)$ vendors/$2 [L]

Thanks and any advice would be nice. Keep in mind my main goal is to have multiple sites in a directory without having to create a subdomain each time. Thanks!
-
Thanks for all the input. What I am using right now is user logins and members-only pages. The only thing I was worried about is storing personal information about the users. The HTTPS is a good suggestion when I upgrade to collecting data such as credit card numbers. This all helps a lot! Thanks
-
Thanks a lot - guess I will learn how to get that certificate going.
-
I am trying to get a good idea on what would be best for site security (such as login accounts holding personal user information), and I was wondering if using Session Variables is the way to go.
-
Anyone have any suggestions for a new PHP book? I have PHP 5 (Fast and Easy Web Development), and PHP and MySQL for Dummies -- but am looking for a good upgrade. Have any favorites you can suggest?
-
Hey, just a quick suggestion: if you want to completely remove that border, try: <iframe border="0" frameborder="0"></iframe> That should remove the border completely.
-
Go ahead and post the url of the site so I can take a look at it. I don't really have any suggestions other than using IFrames. If there was, I would probably be the first to use it.
-
Ok I see now. I thought that all you were trying to do was set the variable once... ookkk, back to the matrix I go
-
Just what I needed to hear! I was always told that the more you know, the more valuable you become for your company. That's interesting that you have such a wide variety of tasks (technician, programmer, linux admin..). I guess I need to get a head start huh?! Thanks for your input, it really helps.
-
If you are only using one variable (which seems like you are), you may just want to do this:

<?php
session_start();
$_SESSION['bot'] = date('U');
print_r($_SESSION['bot']);
?>

I noticed that in your code you had: $_SESSION['bot'][] and $_SESSION['bot']. You were trying to print "$_SESSION['bot']", and "$_SESSION['bot']" wasn't even being checked. Just thought this might help if this was the case...