Re: MYSQL and PHP

[Kevin Johnson <kjohnson () secureideas net>]

On May 15, 2006, at 2:07 PM, John Madden wrote:

> Hi,
>
> First off i'm not a PHP programmer but I would like to
> know the following:
>
> Is it standard to use INC files to store MYSQL db
> connections settings (username and password)?
>
> What else could you do to make this "safer" ?
>
> I presume Apache looks for files with extention
> "*.INC" and does not processes them, right ?
>
> Thanks you

Hi-

No, Apache, by default will treat inc files as plain text and hand  
them to the browser.  If I need to have files that are web accessible  
and included, I use the php extension to force them to be processed.

Kevin
---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!



-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application security 
assessment by leading market research firm. Watchfire's AppScan is the 
industry's first and leading web application security testing suite, and 
the only solution to provide comprehensive remediation tasks at every 
level of the application. See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
--------------------------------------------------------------------------