Latest posts for the topic "Concerned about database Password"

Concerned about database Password

akira — GMT

I am a bit concerned whether there is any way to protect the MySQL database password found in config.inc.php in admin folder. Since the password is not encrypted, anyone can just download the file and access the database.

Any solution for this.

Please advice and thanks in advance.

Carbonize — GMT

Nobody can "just download the file" as you put it. Firstly any .php files are passed to the PHP processor which then send on ANY results from the PHP script. As there are no results returned from the config file they receive nothing.

Also you should have a .htaccess file in there saying [b]deny from all[/b] which tells the server to not allow outside access to that folder.

akira — GMT

OK, thanks for the tips

my htaccess set as follow, is it OK?

[code]
order deny,allow
deny from all
allow from all

order deny,allow
deny from all[/code]

Please advice and thanks in advance

Carbonize — GMT

The .htaccess that comes with the guestbook should be fine.

akira — GMT

oh, what you mean is to add "Deny from all" in htaccess file in guestbook folder.

Currently, the htaccess in guestbook is "Option All-Indexes".

Should I change it to this :

[code]Option All-Indexes
Deny from all[/code]

Please advice. Sorry for asking so many coz I'm really new to this.

Carbonize — GMT

The .htaccess I have in my guestbooks admin folder just says
[code]deny from all[/code]

akira — GMT

thank you very much.

So I just change the htaccess in guestbook/admin instead of the one in guestbook folder.

Thanks again

akira — GMT

Sorry,

I just check the guestbook/admin folder and found no htaccess in it. Should I add one into it?

Sorry for asking such a dumb question coz I dont want to mess up this nice script.

Thanks in advance

Carbonize — GMT

I would with just [b]deny from all[/b]