>here's an idea, perhaps something like this >can be used... > >You set a decryptionkey value in your vhost >(I don't know if you can do this with php_value >or perhaps an apache directive) > ><VirtualHost 123.123.123.123> >ServerName www.example.com >DocumentRoot /home/example/htdocs >php_value decryptionkey "123456789" ></VirtualHost> > >encode your secret data using the decryptionkey >before hand, and then decode it on the fly using >the environment variable present in only in your >vhost. > >I'm hoping that no one outside of your vhost can >see the value of that variable. (does anyone know >if you can pull environment variables from other >vhosts or if PHP can read httpd.conf?)
Depends on your setup... You might have made httpd.conf world-readable for some reason. Or not. Alas, if you have access to be altering httpd.conf for the "key" you suggest in the first place, I could just put my database secrets there and be done with it. Make sure only root (Apache) can read httpd.conf, and the problem is solved... So no need for the funky key thingie going on... I *suppose* as an administration issue, having an ISP that sets one value one time for you in httpd.conf is easier than making them edit httpd.conf all the time for you, but... I don't foresee a lot of ISP's embracing this "key" solution, personally. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
