For a PHP-application on Windows NT, I am using an Oracle database and the
database-interface db_oci8.inc (a PHP-class, downloaded from the net).
To be able to make the connection to the database, the class has to know the
databasename, username, and password. At the moment, it is hardcoded in the
include-file. This file can be downloaded by anyone who knows its exact name
and
location (which is not hard, of course). I want to prevent this.
I have tried some things with permissions, but I could not find a solution
there.
A known solution on Windows-platforms is, to put the names & password in the
registry of the server, but I don't know how I can read data from the
registry
in PHP.
Another solution is to use environment variables. I know how to read them:
the
documentation says that getenv() gives the environment of the client, but
that
is not true, at least on NT it gives the environment of the server. But then
again: of which user is that environment and won't it be easy to read that
environment over the internet?
Can anyone give me advice on this?
Furthermore I will be setting up a similar construction (PHP + password
protected database) on a Linux machine. So I am also interested in Unix-only
solutions.
Thanks in advance,
Marco Draijer
--
****************************************************************************
This message contains information that may be privileged or confidential and
is the property of the Cap Gemini Ernst & Young Group. It is only intended
for the person to whom it is addressed. If you are not the intended
recipient, you are not authorized to read, print, retain, copy disseminate,
distribute, or use this message or any part thereof. If you receive this
message in error, please notify the sender immediately and delete all copies
of this message.
****************************************************************************
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]