-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Le Jeudi 12 Juin 2003 16:31, Sallee, Helen a écrit :
Hi, I'm new to PHP and need to know how I can completely hide Oracle
database password used in OCILogon call. Since all .php pages can be read
by www user, if the userid and password are coded
on 12/6/03 3:31 pm, Sallee, Helen at [EMAIL PROTECTED] wrote:
?php
putenv(TWO_TASK=ORCL2);
putenv(ORACLE_HOME=/u01/home/oracle/product/9.2.0);
$conn = OCILogon(USER1,USER1PASS);
$query = OCIParse($conn,select * from state);
OCIExecute($query);
?
Thank you
Use an include file buried
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Le Jeudi 12 Juin 2003 16:38, mike karthauser a écrit :
Then you should be able to do:
Include/path/to/pass.inc.php;
snip
$conn = OCILogon($user,$pass);
Which is more secure.
I prefer user require_once mort than include for security reasons.
?php
putenv(TWO_TASK=ORCL2);
putenv(ORACLE_HOME=/u01/home/oracle/product/9.2.0);
$conn = OCILogon(USER1,USER1PASS);
$query = OCIParse($conn,select * from state);
OCIExecute($query);
?
Thank you
Use an include file buried below your site root with
$user=USER1;
on 12/6/03 3:48 pm, CPT John W. Holmes at [EMAIL PROTECTED] wrote:
From a web server perspective, though, this is
safer because if the web server ever broke and started serving PHP pages
as plain text (been there, done that), then at least no one can get to your
include file through your web
I place all my access info in it's own directory that is not directly
accessible via the web. I usually place this on the same level as the
CGI directory, which is also not directly accessible. Typically this is
one level up from your site directory. If the php module breaks, then
includes and
: Brent Baisley [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 10:44 AM
To: Sallee, Helen
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] hiding db password
I place all my access info in it's own directory that is not directly
accessible via the web. I usually place this on the same level