Stas Bekman wrote:
> On Wed, 28 Feb 2001, Gustavo Vieira Goncalves Coelho
Rios wrote:
> > the key user\password are kept inside this file, so
anyone can uses an
> > editor to retrieve the user mysql account. I resolve
this problem
> > running php on secure mode and chgrping the php file
the same user as
> > the http process and removing other flags file access
(g-rwx). So nobody
> > besides the owner of the file (or the http process)
will be able to read
> > it.
>
> At this moment anybody who has an access to mod_perl
server can read any
> data which is accessible by the same server. suexec is
not an option
> because of process persistance.
>
> I understand that you want to store the SQL engine
authentication info,
> and users not to know each other's access credentials.
The only solution
> at this point is to either trust your users not to abuse
each other, or
> run a separate server for each one :(
There is a distinct possibility that I don't understand the
problem, but couldn't you set up a db connection sub in a
file, -750 customer.nobody, like this:
sub connect {
my $r = shift; # we need a request object from somewhere
return undef unless $r->server_name eq
'www.thisvirtualhost.org';
my $db_user = 'user';
my $db_pass = 'pass';
my $db_name = 'name';
use DBI;
my $dbh=DBI->connect(mumblemumblemumble);
return $dbh;
}
You might want to think about another way of doing your
connections, anyway. If you have lots of virtual hosts,
and all of them are opening distinct connections, you're
going to run out of MySQL handles pretty quick, or choke
your server with Apache::DBI cached handles. I've heard
that you can use a single connection module which then
changes to use a specified database, but I've never tried
that myself.
Todd