On Unix it is possible to make an include file with all the settings
like $user, $passwd and so on and store it somewhere in the
filesystem (not under your htdocs path).
So no one can access this file via the web.
You can include this file with its variables with the include() statement.

Imagine your PHP engine won't work and someone accesses a page where you
included this file with the settings: he will never see your password,
just the include statement, nothing else.
And he won't be able to access the file since it's not in your /htdocs path.

Cheers,
Marcel
> -----Original Message-----
> From: Marco Draijer [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, July 18, 2001 09:41
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] Protecting database password
>
> For a PHP-application on Windows NT, I am using an Oracle database and the
> database-interface db_oci8.inc (a PHP-class, downloaded from the net).
> To be able to make the connection to the database, the class has to know
> the databasename, username, and password. At the moment, it is hardcoded
> in the include-file. This file can be downloaded by anyone who knows its
> exact name and location (which is not hard, of course). I want to prevent
> this.
>
> I have tried some things with permissions, but I could not find a solution
> there.
>
> A known solution on Windows-platforms is, to put the names & password in
> the registry of the server, but I don't know how I can read data from the
> registry in PHP.
>
> Another solution is to use environment variables. I know how to read them:
> the documentation says that getenv() gives the environment of the client,
> but that is not true, at least on NT it gives the environment of the
> server. But then again: of which user is that environment and won't it be
> easy to read that environment over the internet?
>
> Can anyone give me advice on this?
>
> Furthermore I will be setting up a similar construction (PHP + password
> protected database) on a Linux machine. So I am also interested in
> Unix-only solutions.
>
> Thanks in advance,
> Marco Draijer
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
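
An added example, not part of the original thread: a small PHP loader for the Unix layout described in the reply, which includes a settings file defining $user and $passwd only if the file resolves to a path outside the document root and is not world-readable. The function names, the temp-directory layout and the permission check are assumptions made for illustration.

```php
<?php
// Added illustration; directory and file names below are constructed.

// True if $path resolves (symlinks followed) to somewhere under $docRoot.
function is_inside(string $path, string $docRoot): bool
{
    $real = realpath($path);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException("cannot resolve $path or $docRoot");
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $root, strlen($root)) === 0;
}

// Include the settings file only if the web server cannot serve it
// and other local users cannot read it.
function load_db_settings(string $file, string $docRoot): array
{
    if (is_inside($file, $docRoot)) {
        throw new RuntimeException("$file is under the document root");
    }
    clearstatcache(true, $file);
    if (fileperms($file) & 0004) {
        throw new RuntimeException("$file is world-readable");
    }
    require $file; // defines $user and $passwd in this function's scope
    if (!isset($user, $passwd)) {
        throw new RuntimeException("$file did not define \$user and \$passwd");
    }
    return ['user' => $user, 'passwd' => $passwd];
}

// Constructed layout in a temp directory standing in for a real server.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'incdemo_' . getmypid();
mkdir("$base/htdocs", 0755, true);
mkdir("$base/private", 0750, true);
$body = "<?php \$user = 'app'; \$passwd = 'constructed-secret';\n";
file_put_contents("$base/private/db.inc.php", $body);
chmod("$base/private/db.inc.php", 0640);
file_put_contents("$base/htdocs/db.inc.php", $body); // the layout to avoid

$cfg = load_db_settings("$base/private/db.inc.php", "$base/htdocs");
echo "outside htdocs: loaded settings for user {$cfg['user']}\n";
try {
    load_db_settings("$base/htdocs/db.inc.php", "$base/htdocs");
} catch (RuntimeException $e) {
    echo "inside htdocs: refused (", $e->getMessage(), ")\n";
}
```

The account the web server runs as still needs read access to the settings file, so the usual arrangement is group ownership by that account with mode 0640.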