[olug] protecting MySQL password on multi-user system
Eric P
eric.maillist at gmail.com
Sun Jun 4 16:25:26 UTC 2006
Trent Melcher wrote:
> OK, is the web_root directory under your home directory? Is it yours and
> yours only web directory? If so then you could try it this way.
>
> Put a .htaccess file into your web_root directory, add these 2 values
>
> SetEnv DBUSER mysqluser
> SetEnv DBPASS mysqlpass
>
> PHP will get these variables passed in the $_SERVER superglobal as
> $_SERVER['DBUSER'] and $_SERVER['DBPASS'].
>
> Then add this to your php code.
>
> $handle = mysql_connect('localhost', $_SERVER['DBUSER'], $_SERVER['DBPASS'])
> or die(mysql_error());
>
> If this Multi-User system has everyone using the same web_root directory,
> then there really isn't a good way to look it down so nobosy else can use
> your password file.
>
>
>
> Trent
Sorry for the LATE reply. I finally took a moment to try this.
Yes, the web directory is ours alone.
I just tried this out. Thanks for sharing this tidbit... didn't know you could set global vars like this.
I was able to stick the .htaccess file in webroot or even one below webroot and then retrive my global vars.
However, I've still have a problem in that if the perms on this file aren't 644 (world readble), Apache cannot access
this file; I get 'Forbidden - You don't have permission to access /test.php on this server.' test.php is merely the
file trying to echo the global var.
Hmph....
Thanks all the same.
Eric.
More information about the OLUG
mailing list