[pmwiki-users] Keeping MySQL passwords safe
Julius Thyssen
jultus at gmail.com
Thu Apr 10 06:35:47 CDT 2008
Hi,
While installing the UpdateForm recipe (for interfacing with a mysql
database), I bumped
into a security issue. On
http://www.pmwiki.org/wiki/Cookbook/UpdateForm is says:
3. Define (either in the script or in config.php) the constants
DB_SERVER, DB_NAME, DB_USER,
and DB_PASS to match your database, like so:
define ('DB_SERVER', 'db1.example.com');
define ('DB_NAME', 'my_database');
define ('DB_USER', 'my_username');
define ('DB_PASS', 'my_password');
But I prefer to not store these inside my web/doc root.
What is the best option to do this then?
Should I best put
require_once("../dbinclude.php");
in /local/config.php or in updateform.php ?
where dbinclude.php is:
<?php include("/home/path_to_dbase_access_variables_stuff.php"); ?>
or will the require_once cause trouble and should I use the include directly?
Thanks for any insights in this.
--
Julius
More information about the pmwiki-users
mailing list