Hi all
I am writing a mod which has to access the database.
Obviously I had to write something like:
$link = mysql_connect('host', 'root', 'password')
or die('Could not connect: ' . mysql_error());
Now the script does what is supposed to do but obviously you wouldn't want the password to your database hanging around in a file!!!
What would you suggest apart from the following?
1. Changing the file rw permissions
2. Keeping it outside the web folder and link to it via a small php script only
3. Set up a mysql account with read/write privileges no more than what the script requires, to minimise the consequences.
Your support is very much appreciated.
Ps: How do the various forum scripts do this anyway in general?
why not use SMF's database functions, off the top of my head i think the main one is db_query()
these use smf's security and dont require your password to appear in the code again.
I expect there is more on this in the modification boards
Thanx
I'll look that one up
I say all three work well together. As long as they can not remotely access the database or write files on your webserver that you are safe.