Wrox Programmer Forums
Pro PHP Advanced PHP coding discussions. Beginning-level questions will be redirected to the Beginning PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Pro PHP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old December 10th, 2004, 08:35 PM
Friend of Wrox
 
Join Date: Dec 2004
Posts: 154
Thanks: 0
Thanked 0 Times in 0 Posts
Default PHP & security

I'm reading PHP & MySQL for Dummies atm.. and (if I can get some help I take the idiot hat!) there's something which seems very 'weird' to me.

It seems that some data like passwords and usernames are 'hidden' in PHP files.

Now, I know if you use Internet Explorer and you load the file for example:
http://www.servername.com/test.php

test.php
<?php
session_start();
@$_SESSION['password']="Enter$$2541";
?>

and go in View/ Source, the PHP code doesn't show.. but I am wondering if this system is sufficient to stop hackers from reading that information?

(please say yes!! well.. only if it's sufficient)
 
Old December 10th, 2004, 09:03 PM
Friend of Wrox
 
Join Date: Nov 2003
Posts: 1,285
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Yes, it is sufficient.

When the page is requested from the server, it MUST go through the PHP processor (assuming the server is configured correctly) and the processor replaces the PHP code with the output. Therefore it is impossible for anyone to look at the original source, unless they can hack directly into your server's filesystem (and then you're in trouble anyway ;) ).

Good luck,

-Snib - http://www.snibworks.com
Where will you be in 100 years?
 
Old December 10th, 2004, 09:31 PM
Friend of Wrox
 
Join Date: Dec 2004
Posts: 154
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks :)) makes life so much easier!
 
Old December 13th, 2004, 05:29 AM
Authorized User
 
Join Date: Oct 2004
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
Default

If you're storing passwords, for even more security, look at the md5() function.

The idea being, store your password in the database as an md5 hash, then to authenticate, retrieve the password from the database, hash the password that the user entered, and match them.

Simple, yet very effective.

Many shoes,

Jamez/SiliconFuRy
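
The store-a-hash, compare-at-login flow from the post above, as an added example that is not part of the original thread. It swaps the bare md5() for PHP's built-in password_hash()/password_verify() (salted and deliberately slow) and upgrades rows that still hold an md5 digest at the next successful login; the $users array, the account names and the passwords are constructed stand-ins for a database table.

```php
<?php
// Constructed user store standing in for a database table (hypothetical data).
// 'alice' still has a legacy unsalted md5() digest; 'bob' has a password_hash() value.
$users = [
    'alice' => ['hash' => md5('correct horse')],
    'bob'   => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT)],
];

// Hash of a throwaway value, verified against when the account does not exist.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Registration or password change: only the salted, adaptive hash is stored.
function store_password(array &$users, string $name, string $password): void
{
    $users[$name] = ['hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Login: hash what the user typed and compare it with the stored value.
function verify_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        // Do comparable work for unknown users so timing does not reveal them.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    $stored = $users[$name]['hash'];

    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        // Legacy row: 32 hex characters is a bare md5() digest.
        $ok = hash_equals($stored, md5($password)); // constant-time comparison
    } else {
        $ok = password_verify($password, $stored);
    }

    // While the plaintext is in hand, replace legacy or outdated hashes.
    // password_needs_rehash() also returns true for a digest it does not recognise.
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        store_password($users, $name, $password);
    }
    return $ok;
}

// Demonstration on the constructed data.
var_dump(verify_login($users, 'alice', 'correct horse')); // legacy row, upgraded on success
var_dump(verify_login($users, 'alice', 'wrong guess'));
var_dump(verify_login($users, 'bob', 'battery staple'));
var_dump(password_get_info($users['alice']['hash'])['algoName']); // alice's row after upgrade
```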
 
Old December 13th, 2004, 07:06 AM
Authorized User
 
Join Date: Dec 2004
Posts: 44
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes... and No

When you get further into Unix, you'll find that it's probably possible for anybody who is hosted on the same server as you (eg: someone else hosted by the same company) to read the php file and get the passwords.

Don't worry about it now, but do bear it in mind (and try not to use the same password for MySQL).

Cheers

--
Please contact me at:
Colin (dot) Horne (at) gmail (dot) com
 
Old December 13th, 2004, 03:15 PM
Friend of Wrox
 
Join Date: Dec 2004
Posts: 154
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Only got 2 accounts on the database: Select in a 'hidden PHP' and one account with more access rights (but not to delete database or modify tables) that one isn't stored anywhere... except in my mind!





Copyright (c) 2020 John Wiley & Sons, Inc.