[pmwiki-users] Keeping MySQL passwords safe

Julius Thyssen jultus at gmail.com
Thu Apr 10 06:35:47 CDT 2008


While installing the UpdateForm recipe (for interfacing with a mysql
database), I bumped
into a security issue. On
http://www.pmwiki.org/wiki/Cookbook/UpdateForm is says:

 3. Define (either in the script or in config.php) the constants
 and DB_PASS to match your database, like so:

  define ('DB_SERVER', 'db1.example.com');
  define ('DB_NAME', 'my_database');
  define ('DB_USER', 'my_username');
  define ('DB_PASS', 'my_password');

But I prefer to not store these inside my web/doc root.
What is the best option to do this then?

Should I best put


in /local/config.php or in updateform.php ?
where dbinclude.php is:
<?php include("/home/path_to_dbase_access_variables_stuff.php"); ?>

or will the require_once cause trouble and should I use the include directly?

Thanks for any insights in this.

More information about the pmwiki-users mailing list