Basic Security Question, MySql->PHP->XML->Flash

Hello: I recently made a flash application that dynamically loads photos from an XML that is actually created from a PHP page which pulls its information from a MySql database.

I think the following tutorial explains how this can be done (more or less): http://www.kirupa.com/web/mysql_xml_php.htm

Anyhow, my question: Is this very secure?

I mean, the following code that requires my username and password kinda frightens me:

$host = "localhost"; 
$user = "root"; 
$pass = ""; 
$database = "test"; 

$linkID = mysql_connect($host, $user, $pass) or die("Could not connect to host.");

My host, from what I understand is really good and secure, but I’m not making it easy for hackers by using this code… am I?

Everyone uses that exact same script to connect to their DB with PHP. And it sounds like you have a good secure host, so you shouldn’t worry. The only way for them to get your .php file is through a lot of work, and your little DB is not of interest to them lol.

PHP is not open source.

PHP is. What I think you mean is that someone can’t view PHP code unless they have filesystem access.

that’s how everyone connects to a database…giving username and password…:sure:

WTF? What do you mean??? Explain please… :slight_smile:

[QUOTE=λ]PHP is. What I think you mean is that someone can’t view PHP code unless they have filesystem access.[/QUOTE]
Yea.

^Why is everybody stealing my WTF explain what you mean :frowning:

Sorry man…didn’t think you would mind…Thought it was most appropriate in this situation (-:

PHP is open source as in the code for PHP is available to be viewed/changed/etc. by anyone who downloads it. Want the source code? Go here: http://us2.php.net/downloads.php

The PHP code you use to display your site is not considered open source unless you’re allowing people access to view it. In other words, your PHP file with your username, host, password, etc. for your MySQL database connection isn’t something that someone can just look at and get. If it were that easy you’d have seen a ton of various methods to make sure getting that information was not possible. And you probably would see putting that info into a php file on the PHP website. :slight_smile:

Thanks a ton everybody!! Man, everyone at Kirupa is very helpful. :thumb:

By the way, you can check the website I’m making here:

http://www.davidcrockettscoins.com

PS. I’m especially proud of my picture viewer in the ‘News’ section.

just make sure you are using that connect file as an include in your scripts and that you are storing it outside of the public_html directory.

so how do you include a file that’s not in the public_html directory?

Just use require_once("../../abovethepubhtmldirectory.php");

word. i’ll have to try that.
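The advice in this thread (keep the connection details in a file outside public_html and include it), sketched as an added example that is not code from any poster. It uses PDO because the mysql_* functions were removed in PHP 7. The file names, the private/ directory and the gallery_ro account are assumptions for illustration.

```php
<?php
// gallery_xml.php: lives inside public_html (hypothetical file name).
// Credentials live one level ABOVE the web root, in private/db_config.php
// (hypothetical path), which contains only:
//   return ['host' => 'localhost', 'user' => 'gallery_ro',
//           'pass' => 'PLACEHOLDER', 'name' => 'test'];
// gallery_ro is an assumed account with SELECT rights only, instead of root.

// Resolve the config path and make sure it really is outside the web root.
function load_db_config(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('Config file or document root not found');
    }
    // A config file under the document root could be served as plain text
    // if PHP handling ever breaks (misconfigured handler, stray backup copy).
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Config file must not be inside the web root');
    }
    // On shared hosts, refuse world-readable files (POSIX permission bits).
    if ((fileperms($real) & 0004) !== 0) {
        throw new RuntimeException('Config file is world-readable; use chmod 600 or 640');
    }
    $cfg = require $real;
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("Missing config key: $key");
        }
    }
    return $cfg;
}

try {
    $cfg = load_db_config(__DIR__ . '/../private/db_config.php', $_SERVER['DOCUMENT_ROOT']);
    $pdo = new PDO(
        "mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4",
        $cfg['user'], $cfg['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
} catch (Throwable $e) {
    // Log details server-side; never echo connection errors to the visitor.
    error_log('DB setup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service unavailable');
}
```

Whether the permission check can be kept depends on which user the host runs PHP as; if the web server reads the file as "other", that check has to be relaxed.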