>A better way to protect your password/data with PHP and
>MySQL, if you don't need write access, is to have a new
>user, such as "nobody" (which is often the default Apache
>user processing your PHP anyway) who has read-only access
>to your database tables--and connect using nobody and no
>password.
Only do this if you don't have confidential data in the database. Any user with access to the db server will have access to your data, i'd still use a password just as another level of protection anyway.
>Another note: Say you want your script to write some files
>to one of your directories, but you don't want the directory
>world-writable. Simply make the directory's group "nobody"
>and chmod it 775. This way, "nobody" will have rw access,
>but nobody else.
If im thinking correctly, this is good as long as someone on the server doesn't write a php script running it on the same webserver to read the files you've just 'protected'.
----
Manual Page -- [url]http://www.php.net/manual/en/function.mysql-connect.php[/url]
Edit Note -- [url]http://master.php.net/manage/user-notes.php?action=edit+33766[/url]
Delete Note -- [url]http://master.php.net/manage/user-notes.php?action=delete+33766&report=yes[/url]
Reject Note -- [url]http://master.php.net/manage/user-notes.php?action=reject+33766&report=yes[/url]