PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Class Inheritance with PHP
Using XML, Part 5: SOAP and WSDL
Using PEAR's HTML_Table Class
In Case You Missed It...The Week of August 1, 2005
OO Design: Abstract Classes

AW: [PHP] MySQL & PHP Security From: Sebastian Stadtlich (sstadtl <email protected>)
Date: 09/30/00

Next message: Mitchell Hagerty: "[PHP] example of: gethostbyaddr, gethostbyname?"
Previous message: John McKown: "Re: [PHP] exec 'lynx' failed ???"
In reply to: r a n d y: "[PHP] MySQL & PHP Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

my opinion :

if DB and webserver are on the same server ( already very stupid setup for
an ISP,
who hosts multiple sites with Databases)
then where should the interception happen? in the kernel?
if DB and webserver are seperate machines then the DB should be connected
trough
a private subnet at your ISP. if not, then switch your ISP, because he is
VERY stupid
:-]

Sebastian

| -----Urspr�ngliche Nachricht-----
| Von: r a n d y [mailto:iduh_2000 <email protected>]
| Gesendet: Samstag, 30. September 2000 00:08
| Cc: [php]
| Betreff: [PHP] MySQL & PHP Security
|
|
| My domain host suggests _NOT_ connecting to MySQL using PHP as it
| sends the
| username and pass as "plain" text to the MySQL server, as opposed
| to sending
| encrypted. Is this really an issue for the average Joe (or Randy
| in my case)
| who just wants to make a dynamic web site and won't be storing any _real_
| important info?
|
| They also said something about PHP not being 700...which I assume
| means that
| all executable and no r or w...this is how they handle cgi. Is
| there really
| a need to go all out like this for personal websites with pretty much
| useless information?
|
| randy
| ______________________________________________
| http://www.randys.org
|
| For-pay Internet distributed processing.
| http://www.ProcessTree.com/?sponsor=11087
|
|
| _________________________________________________________ Do You
| Yahoo!? Get your free <email protected> address at http://mail.yahoo.com
| --
| PHP General Mailing List (http://www.php.net/)
| To unsubscribe, e-mail: php-general-unsubscribe <email protected>
| For additional commands, e-mail: php-general-help <email protected>
| To contact the list administrators, e-mail: php-list-admin <email protected>
|

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: Mitchell Hagerty: "[PHP] example of: gethostbyaddr, gethostbyname?"
Previous message: John McKown: "Re: [PHP] exec 'lynx' failed ???"
In reply to: r a n d y: "[PHP] MySQL & PHP Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]