#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Posts
    10
    Rep Power
    0
    I am looking for a secure way to store the password required for PHP's mysql_connect function.

    Does anyone have a solution for this?
  2. #2
  3. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    You can store information securely from http access below the document root. In fact, I place all my include files below the document root. For example, if your site is at:

    /home/youraccount/www/

    you can create an include dir at

    /home/youraccount/php-lib/

    which will be impossible to access via http
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Posts
    10
    Rep Power
    0
    Thanks Rod, but unfortunately i do not have write access at that level. I may have to change my host.
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Location
    Bremen
    Posts
    11
    Rep Power
    0
    Well then .. secure is to disallow the access to the directory via .htaccess or better make it impossible to parse the data in the dir with it ... if u want to hide it from local users .. well then you have a problem
  8. #5
  9. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    Actually, restricting access with .htaccess won't work for include() files. If you try to include it the user will be prompted for the username/password. Not what you want.

    Without being able to place the files below the doc root, the only option is to make sure the files are in a directory with an index/default page so the directory won't appear and make sure the scripts are php parsable using the proper extension so that they can't be sent in the clear via http.

Similar Threads

  1. php sessions and security problems.
    By mochico in forum PHP Development
    Replies: 7
    Last Post: February 18th, 2004, 04:51 PM
  2. php script to change pop3 password?
    By jensm in forum PHP Development
    Replies: 0
    Last Post: February 13th, 2004, 03:45 PM
  3. PHP login script- forgotten password
    By tk1 in forum PHP Development
    Replies: 2
    Last Post: February 5th, 2004, 09:33 AM
  4. PHP with UnixODBC
    By coder4hire in forum PHP Development
    Replies: 2
    Last Post: January 20th, 2004, 02:14 PM
  5. UnixODBC + PHP + Apache + Empress
    By coder4hire in forum Database Management
    Replies: 0
    Last Post: January 15th, 2004, 02:41 PM

IMN logo majestic logo threadwatch logo seochat tools logo