Go4Expert (http://www.go4expert.com/)
-   MySQL (http://www.go4expert.com/forums/mysql-forum/)
-   -   My Password is Shown?! (http://www.go4expert.com/forums/password-shown-t767/)

AhmedHan 28Apr2006 19:30

My Password is Shown?!
I am new at web programming. I registered to a MySQL server. I have to use a code in my PHP file like this :

mysql_connect("DATABASEIP", "USERNAME", "PASSWORD") or die("Can't connect to database.");
But this method doesn't seem to be safe, because anybody can download this PHP file using a download manager program.

Is there any way to connect my database hiding my password?

shabbir 28Apr2006 20:43

Re: My Password is Shown?!
Not actually. No one can download the PHP file unless he knows your FTP details or you allow anonymous FTP connections. So you should not allow the FTP and it will be safe as through the browser they try to fetch and it will be the final output you flushed through the HTML and nothing more.

AhmedHan 28Apr2006 21:01

Re: My Password is Shown?!
Just a minute ago I tried what you said and I realized that there was no PHP code in the downloaded file.
What is the reason we can't download a PHP file with all its contents? Is it impossible?
And unfortunately, my web site is University supported and it allows anonymous FTP connections.

shabbir 29Apr2006 00:11

Re: My Password is Shown?!
The actual reason is your when we make a request fro a PHP file through the explorer it send the request to the webserver for the same and as the request goes to your uni server it parses the php file and sends the output HTML as the output. You can ask for any file extension (HTML, JSP, ASP) to be parsed as PHP.

All times are GMT +5.5. The time now is 20:42.