|
|
That's what *I* was going to say, too! 8)
--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================
"Joe Makowiec" <makowiec@xxxxxxxxxxxxxxx> wrote in message
news:Xns9A917A23AFF78makowiecatnycapdotrE@xxxxxxxxxxxxxxxxx
On 30 Apr 2008 in macromedia.dreamweaver.appdev, Brett wrote:
"The most sensitive information you have in your application is the
login information to your MySQL database server, contained in the
/mysql_connect()/ function. If hackers got a hold of this file,
they'd know the user name and password for your MySQL database. That
could be potentially bad.
To prevent that problem, we'll create a separate PHP function called
login() and save it in an alternative location. To keep things
simple, I'm just including it in the mylibrary folder under our
store folder. In real practice, it would be best to place it in a
folder out of the Apache Web server's path so it's not accessible
via the Web."
If the site is hacked such that the 'visitor' can read the contents of
PHP blocks in files within your webroot, then the odds are that it's
badly enough hacked that they can also read files outside the webroot.
So moving a connection file/directory as you propose really doesn't
accomplish much.
--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/contact.php
|
|