[olug] protecting MySQL password on multi-user system

Eric P eric.maillist at gmail.com
Thu Apr 27 00:49:10 UTC 2006


Check the thread subject.  It's a multi-user system.  I have user perms only.

Eric
Trent Melcher wrote:
> If you have the ability, you could use the apache configuration file to
> store the password. (Apache reads its main config files as root.)
> 
> Example:
> 
> Add this to your httpd.conf
> 
> <Directory /var/www/html/mydatabase> 
>    php_value mysql.default_user fred 
>    php_value mysql.default_password secret 
>    php_value mysql.default_host server.example.com 
> </Directory> 
> 
> Then all you need in your PHP code is 
> 
> $handle = mysql_connect() or die(mysql_error()); 
> 
> Your configuration will only be picked up by scripts running in the named
> directory and subs...in this case /var/www/html/mydatabase, virtualhosts can
> be done the same way.  Then you can lock down that directory by using a
> .htaccess file and only those folks with the proper credentials can execute
> scripts from that location.   This also ussumes that mysql is NOT running in
> safe_mode.
> 
> Trent  
> 
> 
> -----Original Message-----
> From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Eric
> P
> Sent: Monday, April 24, 2006 9:38 PM
> To: Omaha Linux User Group
> Subject: [olug] protecting MySQL password on multi-user system
> 
> I'm on a multi-user Linux system running PHP and MySQL.
> 
> Whenever I do an SQL query, I include a file just under the web root w/the
> MySQL username and password.
> 
> Even though it's under the web root, I have to keep this file's permission
> at 644 permissions, or else I get 'permission
> denied'.
> 
> Am I missing something here?  I definately don't want this file readable by
> 'other'.
> 
> Any advice for the correct approach to this would be greatly appreciated!
> 
> Eric Pierce
> _______________________________________________



More information about the OLUG mailing list