WE have a number of PHP webpages that access one of several MySql databases and while the PHP files that contain the passwords cannot be accessed via the web, we are becoming increasingly concerned over the possibility of other webpage maintainers viewing those files. How have other folks protected database passwords needed by PHP apps?
Who are these "other webpage maintainers" and why do they have access to your PHP source code? This isn't a PHP issue. The MySQL password has to be in a file as plain text; there's no getting around that (as recently discussed on here). Your issue is controlling access to the machine and the files, so is an OS/policy/trust issue, imo.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php