Hello list! I have an account on a shared host running Apache 1.3.37.I want to secure the DB credentials for my php scripts. I read an article suggesting to add an Include to httpd.conf and set the include file permissions to root-only. However, I'm on a shared host and have no access to the main config file.
Ultimately, my question is: how do I keep DB user/pwd info on a shared host such that it can not be accessed from anywhere except php scripts inside my virtual host?
But, as one possible strategy, can I do anything from within my account to process SetEnv directives (stored in a file under my account - outside the webroot of course) which can not be accessed other than to actually set the environment variables, and will create environment variables only accessible to my account/scripts?
Thanks! Sean --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx