Hi,
I suggest you use a .php file to declare your database variables and include
it everywhere you need it. Even if someone guesses the name of this file,
when he tries to open it, nothing will be outputted to the screen.
An example file is:
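<?php
// Database connection settings; this file only assigns variables and prints nothing.
// The full "<?php" tag is used so the file is parsed even when short_open_tag is off.
$dbname="name";
$dbuser="user";
$dbpass="pass";
?>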
Then you'll have to set the permissions of this file in a way that no one
(except you and the process that runs the php) with access to the server can
read this file.
Hope this helps
Dobromir Velev
-----Original Message-----
From: Marco Draijer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, July 18, 2001 10:42 AM
Subject: [PHP-DB] Protecting database password
>For a PHP-application on Windows NT, I am using an Oracle database and the
>database-interface db_oci8.inc (a PHP-class, downloaded from the net).
>To be able to make the connection to the database, the class has to know the
>databasename, username, and password. At the moment, it is hardcoded in the
>include-file. This file can be downloaded by anyone who knows its exact name
>and location (which is not hard, of course). I want to prevent this.
>I have tried some things with permissions, but I could not find a solution
>there.
>A known solution on Windows-platforms is, to put the names & password in the
>registry of the server, but I don't know how I can read data from the
>registry in PHP.
>Another solution is to use environment variables. I know how to read them:
>the documentation says that getenv() gives the environment of the client, but
>that is not true, at least on NT it gives the environment of the server. But
>then again: of which user is that environment and won't it be easy to read
>that environment over the internet?
>Can anyone give me advice on this?
>Furthermore I will be setting up a similar construction (PHP + password
>protected database) on a Linux machine. So I am also interested in Unix-only
>solutions.
>
>Thanks in advance,
>Marco Draijer
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
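
Added example, not part of the original thread: a shell check for the two points in the reply above (a credentials file that the server parses as PHP instead of serving as text, and permissions that exclude other users), for the Unix case the question asks about. The function name audit_db_config and the sample file names are assumptions made for illustration; granting read access to the PHP process through the file's group is also an assumption.

```sh
#!/bin/sh
# Audit a PHP credentials include. Prints one line per finding and
# returns 0 only when the file passes every check (2 if it is missing).
audit_db_config() {
    _f=$1
    _rc=0
    if [ ! -f "$_f" ]; then
        echo "missing: $_f"
        return 2
    fi
    # 1. The name must end in .php so the web server hands it to the
    #    interpreter; a .inc file is typically served as plain text.
    case "$_f" in
        *.php) ;;
        *) echo "not a .php file: $_f"; _rc=1 ;;
    esac
    # 2. The first line must open with the full <?php tag. A bare "<?"
    #    is only parsed when short_open_tag is enabled; otherwise the
    #    source, password included, is sent to the client.
    IFS= read -r _first < "$_f" || true
    case "$_first" in
        '<?php'*) ;;
        *) echo "does not start with <?php: $_f"; _rc=1 ;;
    esac
    # 3. No read/write/execute bits for "other": only the owner and the
    #    group (assumed to be the one PHP runs as) may touch the file.
    if [ -n "$(find "$_f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "accessible to other users: $_f"
        _rc=1
    fi
    return $_rc
}

# Constructed sample files, for demonstration only.
tmp=$(mktemp -d)
printf '<?\n$dbpass="pass";\n?>\n' > "$tmp/db.inc"
chmod 644 "$tmp/db.inc"
printf '<?php\n$dbpass="pass";\n?>\n' > "$tmp/db.php"
chmod 640 "$tmp/db.php"
audit_db_config "$tmp/db.inc" || echo "=> db.inc rejected"
audit_db_config "$tmp/db.php" && echo "=> db.php accepted"
rm -rf "$tmp"
```

Keeping the file outside the web server's document root removes the download path entirely and is worth doing in addition to these checks.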