Hello Howard,
On Sat, 2019-09-07 at 22:17 +0000, Howard Wells wrote:
> I have my php files in the web root, and the Postgres 10 logon
> credentials are in the php file. I want to put them outside the web
> root for security, because a malicious robot could easily read the
> credentials.
>
> After research, I found the .pgpass file. That looks like the ideal
> solution, but after even more research, I haven't found how to use
> that file from a php logon script.
>
> Here is the section from my php script:
>
> $dsn =
> vsprintf('pgsql:host=%s;port=%s;dbname=%s;user=%s;password=%s', [
> 'host' => '000.00.00.00',
> 'port' => '5432',
> 'dbname' => '[dbname]',
> 'user' => '[username]',
> 'password' => '[password]',
> ]);
>
> Currently I store the real dbname, user and password in the php. My
> questions are:
>
> 1. How can I access it from the .pgpass file instead?
>
> 2. Where is .phpass loccated in Apache2 Ubuntu 18.04?
>
> Thanks for any help with this.
>
> Howard
>
>
>
We use pg_service.conf to hold the access credentials.
It's just pg_connect("service=sandbox") for example, where 'sandbox' is
the tag for the database you wish to access.
Using Debian it is kept in the /etc/php/7.3/apache2 path, where 7.3
represents the php version. It needs to be owned by the Apache user
which defaults to 'www-data'. Permissions are 0600.
HTH,
Robert
