If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Concerned about database Password  XML
Forum Index » Advanced Guestbook Forum
Author Message
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline

I am a bit concerned whether there is any way to protect the MySQL database password found in config.inc.php in admin folder. Since the password is not encrypted, anyone can just download the file and access the database.

Any solution for this.

Please advice and thanks in advance.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Nobody can "just download the file" as you put it. Firstly any .php files are passed to the PHP processor which then send on ANY results from the PHP script. As there are no results returned from the config file they receive nothing.

Also you should have a .htaccess file in there saying deny from all which tells the server to not allow outside access to that folder.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline

OK, thanks for the tips

my htaccess set as follow, is it OK?



Please advice and thanks in advance
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

The .htaccess that comes with the guestbook should be fine.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline

oh, what you mean is to add "Deny from all" in htaccess file in guestbook folder.

Currently, the htaccess in guestbook is "Option All-Indexes".

Should I change it to this :



Please advice. Sorry for asking so many coz I'm really new to this.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

The .htaccess I have in my guestbooks admin folder just says

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline

thank you very much.

So I just change the htaccess in guestbook/admin instead of the one in guestbook folder.

Thanks again
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline

Sorry,

I just check the guestbook/admin folder and found no htaccess in it. Should I add one into it?

Sorry for asking such a dumb question coz I dont want to mess up this nice script.

Thanks in advance
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

I would with just deny from all

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » Advanced Guestbook Forum
Go to:   
Based on the open source JForum