Safety?

[trebor]

I have this teacher he hates putting a password in any form out in a document out on the internet...
his solution to everything is a password field...

I want to make content available freely that would be generated from a database for a final project...
He wants a password fielded... I want to hard code it in a separate document that is never directly seen by the outside browsers but is called when a database connection is needed...

What is the secure thing to do here?

 

[konekt]

I'll be honest, I understood about 20% of what you want. From what I gather, you want to have a file with password data in it and that puts forth code, but can not be seen by outside browsers.

The first possibility is PHP, which doesn't render it's code on the site, but can still be- through deviousness- accessed; it is not the optimal solution but is a possibility when you know your audience.

The other solution is to put your script into your cgi-bin folder. No one can access the files in that folder if the request is not originating from the server.

 

[woiwky]

I really didn't understand that too well either. Are you trying to say your teacher doesn't want you to store your database password in a script? If his solution to this is to have the db password entered in a field whenever php needs to connect to the db, then he's clearly insane.

If you want to be secure, then have the database login information set right before the connection is made, and deleted right after. Although you should write your code so that you wouldn't need to worry about deleting it, an accident is always possible. And like konekt said, you should put this file in a directory that's inaccessible to the internet.