I have my php files in the web root, and the Postgres 10 logon credentials are in the php file. I want to put them outside the web root for security, because a malicious robot could easily read the credentials.
After research, I found the .pgpass file. That looks like the ideal solution, but after even more research, I haven't found how to use that file from a php logon script.
Here is the section from my php script:
$dsn = vsprintf('pgsql:host=%s;port=%s;dbname=%s;user=%s;password=%s', [
'host' => '000.00.00.00',
'port' => '5432',
'dbname' => '[dbname]',
'user' => '[username]',
'password' => '[password]',
]);
Currently I store the real dbname, user and password in the php. My questions are:
1. How can I access it from the .pgpass file instead?
2. Where is .phpass loccated in Apache2 Ubuntu 18.04?
Thanks for any help with this.
Howard
