WebApp Sec mailing list archives

MYSQL and PHP

From: John Madden <chiwawa999 () yahoo com>
Date: Mon, 15 May 2006 11:07:57 -0700 (PDT)

Hi,

First off i'm not a PHP programmer but I would like to
know the following: 

Is it standard to use INC files to store MYSQL db
connections settings (username and password)? 

What else could you do to make this "safer" ?

I presume Apache looks for files with extention
"*.INC" and does not processes them, right ?

Thanks you

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application security 
assessment by leading market research firm. Watchfire's AppScan is the 
industry's first and leading web application security testing suite, and 
the only solution to provide comprehensive remediation tasks at every 
level of the application. See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
--------------------------------------------------------------------------

Current thread:

MYSQL and PHP John Madden (May 15)
- Re: MYSQL and PHP Mark Sanders (May 16)
- Re: MYSQL and PHP Robin Wood (May 16)
- Re: MYSQL and PHP Todd Hendricks (May 16)
- Re: MYSQL and PHP Gerald Quakenbush (May 16)
  - Re: MYSQL and PHP Robin Wood (May 16)
    - Re: MYSQL and PHP Gerald Quakenbush (May 16)
  - Re: MYSQL and PHP bugtraq (May 16)
    - Re: MYSQL and PHP Reid Nichol (May 17)
- Re: MYSQL and PHP r0xes (May 16)
- Re: MYSQL and PHP Kevin Johnson (May 16)

(Thread continues...)