SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Hybrid View

  1. #1
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Security Style Question

    I have designed a database cinema booking app. I expect to get quite a few visitors. In the connection to the database, I user a standard user/password combination.

    How can I ensure that this username/password combo has no privileges for example modifying/updating/deleting the db? Can I do this in phpMyadmin?

    And I also keep reading about placing your connection files in the top layer or something, in the event that the site goes down.

    What does this mean? And how do I do it?

    Thanks for the help...
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  2. #2
    <? echo "Kick me"; ?> petesmc's Avatar
    Join Date
    Nov 2000
    Location
    Hong Kong
    Posts
    1,508
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    If you have a dedicated server then in phpMyAdmin you can edit the permissions via the 'mysql' database. If you have normal hosting, you must ask you hosting provider to change te settings for you.

    About the passwords at top level: Make a file called: include.inc and place in the folder that contains either: public_html or www or public_ftp. It should all be the folder. Then at the top of php scripts add:

    include("/home/username/include.inc");

    Change the absolute path to your own. Inside include.inc place the $username = "";
    $password = "";
    $host = "";

    and if you want $database = ""; but not neccessary. Then in normal php connect to the database after including the file or again, you can connect in the include.inc file.

    Hope this helps
    -Peter

  3. #3
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by petesmc
    Hi,

    If you have a dedicated server then in phpMyAdmin you can edit the permissions via the 'mysql' database. If you have normal hosting, you must ask you hosting provider to change te settings for you.

    About the passwords at top level: Make a file called: include.inc and place in the folder that contains either: public_html or www or public_ftp. It should all be the folder. Then at the top of php scripts add:

    include("/home/username/include.inc");

    Change the absolute path to your own. Inside include.inc place the $username = "";
    $password = "";
    $host = "";

    and if you want $database = ""; but not neccessary. Then in normal php connect to the database after including the file or again, you can connect in the include.inc file.

    Hope this helps
    -Peter
    That is what I am doing (in order that all db connections are controlled by one file), but I thought the .inc file has to be (?) in the same folder as the website (there is no "includes" folder).

    For example, this is a simluation of the folder structure:

    public_html/

    index.html
    onewebsitefolder/
    anotherwebsitefolder/dbconnection.inc

    Each are different websites, all running of the same server. Is the .inc file safe, in the same folder as the website folder of the database it is plugging into, or, could/should this .inc file simply be placed in 'top level' (i.e. public_html/putithere) and then use folders in the top level for each website running off that server?
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  4. #4
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The more I think about it, the more it seems that the .inc file can go anywhere, regardless of the file structure?

    Or at the very least, every .inc file I use (across all the websites, there are quite a few) can sit happily in the top level?
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  5. #5
    <? echo "Kick me"; ?> petesmc's Avatar
    Join Date
    Nov 2000
    Location
    Hong Kong
    Posts
    1,508
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should definately put them at top level so:

    includea.inc
    includeb.inc
    public_html/

    index.html
    onewebsitefolder/
    anotherwebsitefolder/

    If you don't put them at top level then rename them to include.inc.php as people can easily see include.inc.

  6. #6
    We like music. weirdbeardmt's Avatar
    Join Date
    May 2001
    Location
    Channel Islands Girth: Footlong
    Posts
    5,882
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So they sit here:

    mail
    public_ftp
    public_html
    tmp
    www
    theincfile.inc

    ?

    And BTW what is tmp?
    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  7. #7
    <? echo "Kick me"; ?> petesmc's Avatar
    Join Date
    Nov 2000
    Location
    Hong Kong
    Posts
    1,508
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, and tmp is where your website stats are kept.

    -Peter


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •