Thank you all for your suggestions. I created a hidden file one level above my root
directory with significant owner/group permissions that it would be extremely
difficult to detect. Looks and works great. Thanks.
VIS Database Administrator
From: Brent Baisley [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 10:44 AM
To: Sallee, Helen
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] hiding db password
I place all my access info in it's own directory that is not directly
accessible via the web. I usually place this on the same level as the
CGI directory, which is also not directly accessible. Typically this is
one level up from your site directory. If the php module breaks, then
includes and requires won't work so your passwords won't be seen.
You do have to specify the directory as an "include_path" for php.
On Thursday, June 12, 2003, at 10:31 AM, Sallee, Helen wrote:
> Hi, I'm new to PHP and need to know how I can completely hide Oracle
> database password used in OCILogon call. Since all .php pages can be
> read by www user, if the userid and password are coded in the .php
> page, they anyone can fopen this file and view the contents (right?) -
> this presents a security problem. So how can I have a database
> connection which is secure? Or am I missing something in here?
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php