Hi, I'm new to PHP and need to know how I can completely hide Oracle database password 
used in OCILogon call.  Since all .php pages can be read by www user, if the userid 
and password are coded in the .php page, they anyone can fopen this file and view the 
contents (right?) - this presents a security problem.  So how can I have a database 
connection which is secure?  Or am I missing something in here?
The code below is what I have.
 
<?php
putenv("TWO_TASK=ORCL2");
putenv("ORACLE_HOME=/u01/home/oracle/product/9.2.0");
$conn = OCILogon("USER1","USER1PASS");
$query = OCIParse($conn,"select * from state");
OCIExecute($query);
?>
 
Thank you


Helen Sallee 
VIS Database Administrator 


 

Reply via email to