Re: Account and Password
Posted By: keith at 12:19:00 on Saturday the 16th of August 2003
...well obviously the user/password combinations used in these workshops are not real and I've assumed that the reader would similarly change their passwords as well.
As to your question: well, generally username/password combos are hidden by placing the values in an external file then including that file. This file is normally outside of the server document root so that the file cannot be served accidentally as plain text, thus revealing the password. Other methods I've seen discussed (which depend on setup) include having the include files in a directory with restricted access or running PHP as a CGI application, but I think the first method is usually OK.
I haven't talked much about security in these 'novice' workshops but you should investigate field validation and SQL injection vulnerabilities (and I will probably write about them at some point).
K
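
The approach described in the post above, as an added example that is not part of the original post or the workshop code: a loader that only accepts a credentials file located outside the document root and not world-readable. The function name, file names, directory layout and demo credentials are all assumptions constructed for illustration.

```php
<?php
// Added example: every path, name and credential here is hypothetical/constructed.

/**
 * Load DB credentials from a PHP file that `return`s an array,
 * refusing any file the web server could serve from the document root.
 */
function load_db_credentials(string $file, string $docroot): array
{
    $realFile = realpath($file);      // resolves symlinks and ../ segments
    $realRoot = realpath($docroot);
    if ($realFile === false || $realRoot === false) {
        throw new RuntimeException("credentials file or document root not found");
    }
    // Compare against "<root>/" so /var/www-private is not mistaken for /var/www.
    $rootPrefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($realFile, $rootPrefix, strlen($rootPrefix)) === 0) {
        throw new RuntimeException("credentials file is inside the document root");
    }
    // Refuse world-readable files (mode bit 0004); meaningful on Unix-like hosts.
    if ((fileperms($realFile) & 0004) !== 0) {
        throw new RuntimeException("credentials file is world-readable");
    }
    $creds = require $realFile;
    if (!is_array($creds) || !isset($creds['user'], $creds['pass'])) {
        throw new RuntimeException("credentials file has unexpected contents");
    }
    return $creds;
}

// Constructed demo layout: <base>/htdocs is the document root,
// <base>/private holds the real credentials file.
$base = sys_get_temp_dir() . '/creds_demo_' . getmypid();
mkdir("$base/htdocs", 0755, true);
mkdir("$base/private", 0700, true);
$code = "<?php return ['user' => 'demo_user', 'pass' => 'demo_pass'];\n";
file_put_contents("$base/private/dbconfig.php", $code);
chmod("$base/private/dbconfig.php", 0600);
file_put_contents("$base/htdocs/dbconfig.php", $code);   // the misplaced copy

$ok = load_db_credentials("$base/private/dbconfig.php", "$base/htdocs");
echo "loaded credentials for user: {$ok['user']}\n";

try {
    load_db_credentials("$base/htdocs/dbconfig.php", "$base/htdocs");
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

In a real page the second argument would normally be `$_SERVER['DOCUMENT_ROOT']`, and the file's owner must be the account PHP runs as so the 0600 mode still allows the include.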