I place all my access info in it's own directory that is not directly accessible via the web. I usually place this on the same level as the CGI directory, which is also not directly accessible. Typically this is one level up from your site directory. If the php module breaks, then includes and requires won't work so your passwords won't be seen.

You do have to specify the directory as an "include_path" for php.

On Thursday, June 12, 2003, at 10:31 AM, Sallee, Helen wrote:

Hi, I'm new to PHP and need to know how I can completely hide Oracle database password used in OCILogon call. Since all .php pages can be read by www user, if the userid and password are coded in the .php page, they anyone can fopen this file and view the contents (right?) - this presents a security problem. So how can I have a database connection which is secure? Or am I missing something in here?

Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577

-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to