How to protect the log in information

[Logical1]

I have checked many manuals and instructions and have not been able to find any way to prevent having to include in the code the username and password for connecting to the database.

It seem like a very insecure way of doing things.

Does any one have a suggestion for not having to write the username and passwrods for the databse in the code?

tx

[PFMaBiSmAd]

The raw php code in .php files cannot be seen unless you have direct (FTP, control panel) access to the raw file.

[Logical1]

I know that but still it is pretty silly to write password and usernames openly like that.

ANy suggestions?

 

[TGWSE_GY]

PFMaBiSmAd is right, unless you are showing your directory structure in your site when you change from page to page, they should not be able to get ahold of your raw .php files. It has been my experience if you make your sites dynamic you will not have to worry about your username and password for logging in to MYSQL. I know it seems insecure but it really isn't if your site is dynamic IMHO.

[Logical1]

The URL shows the location of files and one can figure out the directory structure.  How can you not show that?

 

[Maq]

How can you not show that?

 

Perhaps [man]mod_rewrite()[/man]?

 

http://www.phpfreaks.com/forums/index.php/board,50.0.html

 

 

[PFMaBiSmAd]

Include files are typically placed in a folder that is outside of the document root folder so that they cannot be browsed to, but even if the file is somewhere within a public folder and the directory structure is deliberately shown (Apache: Options Indexes) you cannot access the php content of a .php file using the http protocol (try it if you don't believe.) Turn on Options Indexes to show a directory and browse to or do a "save link as" on a .php file and see what you get in the browser or in the saved file. The key is that the file is a .php file and any php code in it will be parsed and executed when it is requested. If you are foolish enough to use an extension other than .php, then yes the contents of that file can be seen.

 

You are trying to make something that is a non-issue into a problem that does not exist.

[TGWSE_GY]

You are trying to make something that is a non-issue into a problem that does not exist.

 

I agree with PFMaBiSmAd, Logical1. However if you are still concerned with the directory structures showing you could do a system like myself (I use it to make coding easier) I have Content Conditions file where index.php is in my site root, and then in the Conditions file I say

If Section =='MyPage') { require('MyPage.php') } elseif

  Then since my Content area is the only place that is not static I just put a php statement in index.php in the content area that calls content_conditions.php and it looks like this

include('content_conditions.php');

Then when I make a link in any of my pages that are going to be in content conditions that looks like this

index.php?section=MyPage

and no my pages are dynamicly linked without ever showing my directory structure. All they ever see is http://mysite.com/index.php?section=MyPage.

 

Hope this helps

[TGWSE_GY]

If you would like to see a fully working example of this, send me a message and I will give you temporary access to a system that functions perfectly like this.