Thank you all for your suggestions. I created a hidden file one level above my root
directory with significant owner/group permissions that it would be extremely
difficult to detect. Looks and works great. Thanks.
Helen Sallee
VIS Database Administrator
-Original Message-
From: Brent Baisley [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 10:44 AM
To: Sallee, Helen
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] hiding db password
I place all my access info in it's own directory that is not directly
accessible via the web. I usually place this on the same level as the
CGI directory, which is also not directly accessible. Typically this is
one level up from your site directory. If the php module breaks, then
includes and requires won't work so your passwords won't be seen.
/path/to/site/
/path/to/accessfile/
/path/to/cgi/
You do have to specify the directory as an include_path for php.
On Thursday, June 12, 2003, at 10:31 AM, Sallee, Helen wrote:
Hi, I'm new to PHP and need to know how I can completely hide Oracle
database password used in OCILogon call. Since all .php pages can be
read by www user, if the userid and password are coded in the .php
page, they anyone can fopen this file and view the contents (right?) -
this presents a security problem. So how can I have a database
connection which is secure? Or am I missing something in here?
--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php