On Unix it is possible to make an include file with all the settings
like $user, $passwd and so on and store it somewhere in the
filesystem (not under your htdocs path).

So no one can access this file via web ...

You can include this file with its variables with the include() statement ...

Imagine your PHP engine won't work and someone accesses a page where you
included this file with the settings ... he will never see your password
but just the include statement ... nothing else ...
And he won't be able to access the file since it's not in your /htdocs path ...

Cheers,
Marcel

> -----Original Message-----
> From: Marco Draijer [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, July 18, 2001 09:41
> To:   [EMAIL PROTECTED]
> Subject:      [PHP-DB] Protecting database password
> 
> For a PHP-application on Windows NT, I am using an Oracle database and the
> database-interface db_oci8.inc (a PHP-class, downloaded from the net).
> To be able to make the connection to the database, the class has to know
> the database name, username, and password. At the moment, it is hardcoded
> in the include-file. This file can be downloaded by anyone who knows its
> exact name and location (which is not hard, of course). I want to prevent
> this.
> I have tried some things with permissions, but I could not find a solution
> there.
> A known solution on Windows-platforms is to put the names & password in
> the registry of the server, but I don't know how I can read data from the
> registry in PHP.
> Another solution is to use environment variables. I know how to read them:
> the documentation says that getenv() gives the environment of the client,
> but that is not true, at least on NT it gives the environment of the
> server. But then again: of which user is that environment and won't it be
> easy to read that environment over the internet?
> Can anyone give me advice on this?
> Furthermore I will be setting up a similar construction (PHP + password
> protected database) on a Linux machine. So I am also interested in
> Unix-only solutions.
> 
> Thanks in advance,
> Marco Draijer
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
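
The layout described in the reply above, as an added example that is not code from either message in this thread: a hypothetical helper, load_db_settings(), that includes a settings file only when it resolves outside the document root. The paths, the file name db_settings.inc, the sample credentials and the world-readable check are assumptions made for the demonstration.

```php
<?php
// Added example; load_db_settings(), the paths and the credentials are hypothetical.
function load_db_settings(string $settingsFile, string $docRoot): array
{
    // realpath() normalises ".." and symlinks before the two paths are compared.
    $file = realpath($settingsFile);
    $root = realpath($docRoot);
    if ($file === false || $root === false) {
        throw new RuntimeException('settings file or document root not found');
    }
    // Refuse any file below the document root: the web server would hand it out
    // as plain text whenever it is not parsed as PHP.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('settings file is inside the document root');
    }
    // Assumed extra check (Unix only): other local users should not read it either.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($file) & 0004) !== 0) {
        throw new RuntimeException('settings file is world-readable');
    }
    // include runs in this function's scope, so $user and $passwd stay local.
    include $file;
    if (!isset($user, $passwd)) {
        throw new RuntimeException('settings file must define $user and $passwd');
    }
    return ['user' => $user, 'passwd' => $passwd];
}

// Constructed demo: a throwaway tree with one copy outside htdocs and one inside.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dbcfg_demo_' . getmypid();
mkdir("$base/htdocs", 0755, true);
mkdir("$base/private", 0750);
$body = "<?php\n\$user = 'appuser';\n\$passwd = 'constructed-example';\n";
foreach (['private', 'htdocs'] as $dir) {
    file_put_contents("$base/$dir/db_settings.inc", $body);
    chmod("$base/$dir/db_settings.inc", 0640);
}

$cfg = load_db_settings("$base/private/db_settings.inc", "$base/htdocs");
echo "outside htdocs: loaded settings for {$cfg['user']}\n";
try {
    load_db_settings("$base/htdocs/db_settings.inc", "$base/htdocs");
} catch (RuntimeException $e) {
    echo "inside htdocs: refused ({$e->getMessage()})\n";
}
```

With mode 0640 the web server account has to own the file or belong to its group, otherwise the include itself fails.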

