Topic: config.php question
is anyone else worried about having your mysql username and password stored in a config.php file that sits on a webserver? Seems like a disaster waiting to happen. What's the recommendation on how to secure this?
Re: config.php question
johnson4x4 wrote:
is anyone else worried about having your mysql username and password stored in a config.php file that sits on a webserver? Seems like a disaster waiting to happen. What's the recommendation on how to secure this?
Why would you be worried?
The only way people can see it if they have access to the file by FTP. Which hosts arnt meant to have, and are allowed to access. And if anyone has access to your ftp that you don't then A) you have been irresponsible with your password or B) Your host has a security flaw in.
Sorry. Unactive due to personal life.
Re: config.php question
Thanks for your input. I'm just worried because someone could very easily request that file through http (not ftp) and open it up in any text editor and have your database password.
Re: config.php question
You can go to a config but seeing as they arnt being called anywhere they cant see it. I think all other web applications do it and its worked fine for them.
Sorry. Unactive due to personal life.
Re: config.php question
you can't see the contents through a browser but you can save the file on your local machine and open and read the contents of the file. voila, you have user name and password to mysql dbs.
Re: config.php question
When you save a file it will save the html... If you look at the source for a config.php file its notthing 
Sorry. Unactive due to personal life.
Re: config.php question
ahh! thanks for clearing that up! it took a while to get it through my thick paranoid skull.
Re: config.php question
No problem
Sorry. Unactive due to personal life.