For a PHP-application on Windows NT, I am using an Oracle database and the 
database-interface db_oci8.inc (a PHP-class, downloaded from the net).
To be able to make the connection to the database, the class has to know the

databasename, username, and password. At the moment, it is hardcoded in the 
include-file. This file can be downloaded by anyone who knows its exact name
and 
location (which is not hard, of course). I want to prevent this.
I have tried some things with permissions, but I could not find a solution 
there.
A known solution on Windows-platforms is, to put the names & password in the

registry of the server, but I don't know how I can read data from the
registry 
in PHP.
Another solution is to use environment variables. I know how to read them:
the 
documentation says that getenv() gives the environment of the client, but
that 
is not true, at least on NT it gives the environment of the server. But then

again: of which user is that environment and won't it be easy to read that 
environment over the internet?
Can anyone give me advice on this?
Furthermore I will be setting up a similar construction (PHP + password 
protected database) on a Linux machine. So I am also interested in Unix-only

solutions.

Thanks in advance,
Marco Draijer

--
****************************************************************************
This message contains information that may be privileged or confidential and
is the property of the Cap Gemini Ernst & Young Group. It is only intended
for the person to whom it is addressed. If you are not the intended
recipient, you are not authorized to read, print, retain, copy disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all copies
of this message.
****************************************************************************

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to