The only answer I know is in the php config, which you may not have acces to. php can be configured to run as the owner of the script that calls it. This means only your scripts can read your files. This is not the default option, and most ISPs just run the default, so your password is available to anybody skilled enough to find it.
http://www.php.net/manual/en/features.safe-mode.php should help HTH Peter ----------------------------------------------- Excellence in internet and open source software ----------------------------------------------- Sunmaia www.sunmaia.net [EMAIL PROTECTED] tel. 0121-242-1473 ----------------------------------------------- > -----Original Message----- > From: Michael Andersson [mailto:[EMAIL PROTECTED]] > Sent: 04 April 2002 11:55 > To: [EMAIL PROTECTED] > Subject: [PHP-DB] Re: security/setup question: php3 script contains db > password, but scriptmust be readable by nobody: any solution? > > > you could always use a sepeate file and and then use include > ("path/to/whateverfile.php"); with all your dc connection prefererences in > it... > > "Dries Verachtert" <[EMAIL PROTECTED]> skrev i meddelandet > news:[EMAIL PROTECTED]. > kuleuven.a > c.be... > > > > Hello, > > > > I use apache with php3 and mysql to get some data out of the mysql > database > > like probably lotsa people do. The php3 file contains the password, > because > > it must be able to connect to the database with a valid password. This > file > > also needs to be readable because nobody (the user of the apache > webserver) > > must be able to read the file. At least i think this is the > reason because > > without a chmod o+r it doesn't work. There are ca. 200 users on this > > machine.. so i would like to avoid the possibility that other users get > this > > password. Are there any solutions? I already checked the faq and i > couldn't > > find it. > > > > Thanx in advance, > > Dries Verachtert > > > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
