News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Security concerns

Started by Kader, March 10, 2008, 11:18:50 AM

Previous topic - Next topic

Kader

Hi all

I am writing a mod which has to access the database.
Obviously I had to write something like:
$link = mysql_connect('host', 'root', 'password')
    or die('Could not connect: ' . mysql_error());

Now the script does what is supposed to do but obviously you wouldn't want the password to your database hanging around in a file!!!
What would you suggest apart from the following?
1. Changing the file rw permissions
2. Keeping it outside the web folder and link to it via a small php script only
3. Set up a mysql account with read/write privileges no more than what the script requires, to minimise the consequences.


Your support is very much appreciated.
Ps: How do the various forum scripts do this anyway in general?

fwitt

why not use SMF's database functions, off the top of my head i think the main one is db_query()

these use smf's security and dont require your password to appear in the code again.

I expect there is more on this in the modification boards

Kader

Thanx
I'll look that one up

vbgamer45

I say all three work well together. As long as they can not remotely access the database or write files on your webserver that you are safe.
Community Suite for SMF - Grow your forum with SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com - Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Advertisement: