February 8th, 2000, 06:14 PM
I am looking for a secure way to store the password required for PHP's mysql_connect function.
Does anyone have a solution for this?
February 9th, 2000, 10:14 AM
You can store information securely from http access below the document root. In fact, I place all my include files below the document root. For example, if your site is at:
you can create an include dir at
which will be impossible to access via http
February 10th, 2000, 02:09 AM
Thanks Rod, but unfortunately i do not have write access at that level. I may have to change my host.
February 16th, 2000, 04:38 PM
Well then .. secure is to disallow the access to the directory via .htaccess or better make it impossible to parse the data in the dir with it ... if u want to hide it from local users .. well then you have a problem
February 16th, 2000, 07:54 PM
Actually, restricting access with .htaccess won't work for include() files. If you try to include it the user will be prompted for the username/password. Not what you want.
Without being able to place the files below the doc root, the only option is to make sure the files are in a directory with an index/default page so the directory won't appear and make sure the scripts are php parsable using the proper extension so that they can't be sent in the clear via http.