468,315 Members | 1,456 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,315 developers. It's quick & easy.

HOw to prevent simple View source to retrieve password

Can anyone tell me how i can prevent that users can see my connection string
to mysql database?

Using my browser i could easely use the function: view source.....showing
the html/php code.

IF the file includes the connection string than anyone could see my database
name and password.....

How can i prevent this??

Please help.
Mark
Mar 8 '06 #1
4 4690
Mark@home wrote:
Can anyone tell me how i can prevent that users can see my connection string
to mysql database?

Using my browser i could easely use the function: view source.....showing
the html/php code.
What?! If you are using the browser's view source command to see the PHP
code, then your web server is not set up properly. PHP code should be
interpreted on the server side, and hidden from the client at all times.
IF the file includes the connection string than anyone could see my database
name and password.....

How can i prevent this??


Be sure that you are storing that file outside your document root for
the site. If you can't do that, then be sure that you have the file
named in a way where the web server will parse it as a PHP type (ie.
db-details.php)

There are many options, these are just the easiest ones.
Mar 8 '06 #2
Mark@home wrote:
Can anyone tell me how i can prevent that users can see my connection string
to mysql database?

Using my browser i could easely use the function: view source.....showing
the html/php code.

IF the file includes the connection string than anyone could see my database
name and password.....

How can i prevent this??

Please help.
Mark


If view source shows any PHP code, then there's a configuration problem
with your server. When a user visits one of your PHP pages, the server
should execute the PHP and send the generated HTML to the client, so the
client can never see the PHP code at all.

Are you storing the password in a PHP file with an .inc extension? If
so, simply rename your .inc files to .php so the client can never see
your PHP code.
Mar 8 '06 #3
Your php code isn't visible to the html end user. If it is, the code isn't
inside php tags

"Mark@home" <do******@home.nl> a écrit dans le message de news:
61***************************@news1.tudelft.nl...
Can anyone tell me how i can prevent that users can see my connection
string
to mysql database?

Using my browser i could easely use the function: view source.....showing
the html/php code.

IF the file includes the connection string than anyone could see my
database
name and password.....

How can i prevent this??

Please help.
Mark


Mar 8 '06 #4
On Wed, 08 Mar 2006 17:37:41 +0100, Bob Bedford wrote:
"Mark@home" <do******@home.nl> a écrit dans le message de news:
61***************************@news1.tudelft.nl...
Can anyone tell me how i can prevent that users can see my connection
string
to mysql database?

Using my browser i could easely use the function: view
source.....showing the html/php code.
Your php code isn't visible to the html end user. If it is, the code
isn't inside php tags


[top posting fixed]

It is not the <?php...?> marks that do it. Most web servers decide (a)
what type of data is in a file, and (b) what to do with it (PHP processing
in only one option here) based on the file's name. This can include the
directory part, the file extension or whatever.

For example, my local server treats everything in /cgi-bin or anything
ending .cgi as a program to execute and everything ending .php as
requiring PHP processing. The rules are usually set by the system
administrator and *may* be alterable by users on a per-directory basis.

--
Ben.
Mar 8 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by john brown | last post: by
14 posts views Thread by Ludwig77 | last post: by
1 post views Thread by Lorenzo | last post: by
3 posts views Thread by Elliot Rodriguez | last post: by
3 posts views Thread by Ryu | last post: by
5 posts views Thread by Diane Truyens | last post: by
3 posts views Thread by Phillip Vong | last post: by
8 posts views Thread by Mark Reed | last post: by
reply views Thread by Teichintx | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.