What is the point of having a SQL password for a non-root user?

bakertaylor28

Given that we use code like the following:

Expand|Select|Wrap|Line Numbers

 
 <?php

session_start();

$DATABASE_HOST = 'localhost';

$DATABASE_USER = 'user';

$DATABASE_PASS = 'password';

$DATABASE_NAME = 'library';

What is the point of the password, if we can see the password in the PHP code, considering that its trivial
to download the PHP script from the server? It seems rather pointless to me.

Dormilich

considering that its trivial to download the PHP script from the server?

Well, the point of PHP code is to be executed, not downloaded. Unless of course your web server is misconfigured.

bakertaylor28

But correct me if I'm wrong, but, as is the case with javascript, etc. since the browser must be able to send a GET for the php code, restricting a php directory and then attempting to call the script in a document in a non-restricted directory will cause a 403 response in the server.

Dormilich

as is the case with javascript

And that's where you're mistaken. PHP code is executed on the server (that's why it's referred to as a server-side language), not on the client/browser.

bakertaylor28

That would explain things- Though, I was under the impression that where you use an include in PHP that it was similar to header- in that the client still had to send a "GET" in order to get the include. Though, I can see, after some experimentation of sorts, that with server side languages that this is not the case.

What is the point of having a SQL password for a non-root user?

✓ answered by Dormilich

Post your reply

Similar topics