Hello all:
I know there are a lot of PHP gurus on this list, so hopefully it's not too 
off-topic.
I'm a newbie to PHP and I'm struggling with a login script for my 
organization's website.  I'm using an example script I got off the Web 
somewhere.  It uses MySQL through the "PEAR" database driver.   Here's the 
code snippet for the connection code in db_connect.php:

---------------------------

//require the PEAR::DB classes.

require_once 'DB.php';


$db_engine = 'mysql';
$db_user = 'XXXX';
$db_pass = 'YYYYYYYY';
$db_host = 'ieeepacn.com';
$db_name = 'ZZZZZZZ';

$datasource = $db_engine.'://'.
			  $db_user.':'.
			  $db_pass.'@'.
		 	  $db_host.'/'.
	  		  $db_name;


$db_object = DB::connect($datasource, TRUE);

------------------------

This works, but it occurs to me: how can this thing possibly be secure?  The 
password's there in clear text.  A person would only need read access to get 
it.  And if the PHP file's not globally readable, the login fails.  Is there 
some factor here I'm missing such that it's more protected than I think?  Or 
is there a better way to approach this?

Thanks!
Vaughn

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss