Security concerns

Kader · March 10, 2008, 11:18:50 AM

Hi all

I am writing a mod which has to access the database.
Obviously I had to write something like:
$link = mysql_connect('host', 'root', 'password')
or die('Could not connect: ' . mysql_error());

Now the script does what is supposed to do but obviously you wouldn't want the password to your database hanging around in a file!!!
What would you suggest apart from the following?
1. Changing the file rw permissions
2. Keeping it outside the web folder and link to it via a small php script only
3. Set up a mysql account with read/write privileges no more than what the script requires, to minimise the consequences.

Your support is very much appreciated.
Ps: How do the various forum scripts do this anyway in general?

fwitt · March 10, 2008, 11:25:04 AM

why not use SMF's database functions, off the top of my head i think the main one is db_query()

these use smf's security and dont require your password to appear in the code again.

I expect there is more on this in the modification boards

Kader · March 10, 2008, 11:36:57 AM

Thanx
I'll look that one up

vbgamer45 · March 10, 2008, 08:36:24 PM

I say all three work well together. As long as they can not remotely access the database or write files on your webserver that you are safe.

News:

Security concerns

Kader

fwitt

Kader

vbgamer45