[PHP-DB] hiding db password

2003-06-12 Thread Sallee, Helen
Hi, I'm new to PHP and need to know how I can completely hide Oracle database password 
used in OCILogon call.  Since all .php pages can be read by www user, if the userid 
and password are coded in the .php page, then anyone can fopen this file and view the 
contents (right?) - this presents a security problem.  So how can I have a database 
connection which is secure?  Or am I missing something in here?
The code below is what I have.
 
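<?php
// Oracle environment for the OCI client
putenv("TWO_TASK=ORCL2");
putenv("ORACLE_HOME=/u01/home/oracle/product/9.2.0");
// Credentials are hardcoded in the page, which is the concern raised above
$conn = OCILogon("USER1","USER1PASS");
$query = OCIParse($conn,"select * from state");
OCIExecute($query);
?>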
 
Thank you


Helen Sallee 
VIS Database Administrator 


 


RE: [PHP-DB] hiding db password

2003-06-12 Thread Sallee, Helen
Thank you all for your suggestions.  I created a hidden file one level above my root 
directory with significant owner/group permissions that it would be extremely 
difficult to detect.  Looks and works great.  Thanks.


Helen Sallee
VIS Database Administrator



-----Original Message-----
From: Brent Baisley [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 10:44 AM
To: Sallee, Helen
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] hiding db password


I place all my access info in its own directory that is not directly 
accessible via the web. I usually place this on the same level as the 
CGI directory, which is also not directly accessible. Typically this is 
one level up from your site directory. If the php module breaks, then 
includes and requires won't work so your passwords won't be seen.
/path/to/site/
/path/to/accessfile/
/path/to/cgi/

You do have to specify the directory as an include_path for php.

On Thursday, June 12, 2003, at 10:31 AM, Sallee, Helen wrote:

> Hi, I'm new to PHP and need to know how I can completely hide Oracle 
> database password used in OCILogon call.  Since all .php pages can be 
> read by www user, if the userid and password are coded in the .php 
> page, then anyone can fopen this file and view the contents (right?) - 
> this presents a security problem.  So how can I have a database 
> connection which is secure?  Or am I missing something in here?

-- 
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search  Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577




--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
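
The layout suggested in this thread (credentials in a directory beside the web root, not under it), as an added example that is not part of the original messages. The function name, the file name db.php, the array keys and the temp-directory demo are hypothetical; the sketch assumes a Unix host and checks the two properties that matter: the file is not servable from the document root and is not open to "other" accounts.

```php
<?php
// Added example: load DB credentials from a file kept outside the web root.
// Function name, file name and array keys are hypothetical, not from the thread.
function load_db_credentials(string $file, string $docroot): array
{
    $real = realpath($file);
    $root = realpath($docroot);
    if ($real === false || $root === false) {
        throw new RuntimeException("credential file or document root not found");
    }
    // Refuse a file the web server could serve directly.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("credential file is inside the document root");
    }
    // Refuse a file that any other local account can read, write or execute.
    $perms = fileperms($real) & 0777;
    if ($perms & 0007) {
        throw new RuntimeException(sprintf("credential file mode %04o is open to 'other'", $perms));
    }
    $creds = require $real;   // the file returns an array, it prints nothing
    foreach (['user', 'pass', 'db'] as $key) {
        if (!is_array($creds) || !isset($creds[$key])) {
            throw new RuntimeException("credential file is missing '$key'");
        }
    }
    return $creds;
}

// Constructed demo layout in a temp directory: site/ is the web root and
// access/ sits beside it, like /path/to/site/ and /path/to/accessfile/ above.
$base = sys_get_temp_dir() . '/dbcred_demo_' . getmypid();
mkdir("$base/site", 0755, true);
mkdir("$base/access", 0750, true);
$secret = "$base/access/db.php";
file_put_contents($secret, "<?php return ['user'=>'USER1','pass'=>'USER1PASS','db'=>'ORCL2'];\n");
chmod($secret, 0640);   // owner read/write, web server group read, nothing for others

$c = load_db_credentials($secret, "$base/site");
echo "loaded credentials for {$c['user']}@{$c['db']}\n";
// A page would then call: oci_connect($c['user'], $c['pass'], $c['db']);

// The same file copied into the web root is rejected.
copy($secret, "$base/site/db.php");
try {
    load_db_credentials("$base/site/db.php", "$base/site");
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The web server account still has to read the file for the include to work, so the permission check limits exposure to other local accounts; it does not hide the password from code running as the www user.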



RE: [PHP-DB] PHP Paging

2003-06-12 Thread Sallee, Helen
If you are on UNIX, you could just use a cgi script and use the sendmail command.


Helen Sallee
VIS Database Administrator
http://village.gtedc.gte.com/dataman/
(972) 453-7680  [EMAIL PROTECTED]


-----Original Message-----
From: Cory Hicks [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 4:01 PM
To: F-A-W
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] PHP Paging


FAW,

I would look at PEAR and then run, don't walk, and get the
DB_Pager

It smokes anything else I have tried...

Cory


On Thu, 2003-06-12 at 06:19, F-A-W wrote:
> Hi all,
> 
> I have some data that need to be shown in pages.
> 
> How can I do paging in PHP?
> 
> Any code snippet or links are welcome.
> 
> Thanks
> 
> FAW
 
 
-- 
Cory Hicks [EMAIL PROTECTED]
TRI International

