Taxa Posted June 1, 2008 Share Posted June 1, 2008 I was wondering when designing my next project, if it is possible for users to find your database username and password? Becuase we connect to a mysql database with "mysql_connect(username etc)" is it possible for user to download the source script and then find this line of code and hack the database? Link to comment https://forums.phpfreaks.com/topic/108289-php-security-question/ Share on other sites More sharing options...
LooieENG Posted June 1, 2008 Share Posted June 1, 2008 Nope, you can't download the source code for a PHP file, because it runs on the server and produces HTML output. But I also have this in my .htaccess file <files db.php> order deny,allow deny from all </files> And, if you're still a bit worried, you could place it below the web root, i.e. instead of /var/www/db.php place it under /user/yourname/db.php and call it using <?php require('/user/yourname/db.php'); ?> I think that's right anyway Link to comment https://forums.phpfreaks.com/topic/108289-php-security-question/#findComment-555176 Share on other sites More sharing options...
Taxa Posted June 2, 2008 Author Share Posted June 2, 2008 Thank you for your help! Link to comment https://forums.phpfreaks.com/topic/108289-php-security-question/#findComment-555238 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.