Thank you all for your suggestions.  I created a hidden file one level above my root 
directory with significant owner/group permissions that it would be extremely 
difficult to detect.  Looks and works great.  Thanks.

Helen Sallee
VIS Database Administrator

-----Original Message-----
From: Brent Baisley [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 10:44 AM
To: Sallee, Helen
Subject: Re: [PHP-DB] hiding db password

I place all my access info in it's own directory that is not directly 
accessible via the web. I usually place this on the same level as the 
CGI directory, which is also not directly accessible. Typically this is 
one level up from your site directory. If the php module breaks, then 
includes and requires won't work so your passwords won't be seen.

You do have to specify the directory as an "include_path" for php.

On Thursday, June 12, 2003, at 10:31 AM, Sallee, Helen wrote:

> Hi, I'm new to PHP and need to know how I can completely hide Oracle 
> database password used in OCILogon call.  Since all .php pages can be 
> read by www user, if the userid and password are coded in the .php 
> page, they anyone can fopen this file and view the contents (right?) - 
> this presents a security problem.  So how can I have a database 
> connection which is secure?  Or am I missing something in here?
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to