RE: protect password?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[snip]
Some functions need you to provide username and password, for instance 
odbc_connect.  Even though the username/password just has minimum access

privileges to the resource, putting it there in clear text in a script
gives 
me heartburn.  How do people handle username/password in such kind of
cases? 
I'm sure there must be some way to store critical information in some 
encrypted format but it's still readable to scripts for authentication 
purpose.  But don't know how.  Any ideas or pointer would be greatly 
appreciated.
[/snip]

Some time ago Chris Shifflet provided a nice suggestion on how to make
your passwords more secure.  It's still not rock solid, but far better
than storing them in clear text.

The methodology I present below (which Chris presented originally)
assumes Apache as your web server.  Though I've recently gotten into IIS
administration I'm not sure of how you would specifically do this under
IIS.

Create a file outside of your webroot, and in it use SetEnv declarations
to set a username and password as environment vars.

SetEnv dbname username
SetEnv dbpass password

Chown this file such that it is only readable by root, and then
(assuming you're on a shared host) have it included in your virtual host
block of the server config file.  If you're on a dedicated box include
it in the configuration section for the site in question.

Then when the server is restarted you will be able to access the
username and password via $_SERVER['dbuser'] and $_SERVER['dbpass'] in
your scripts.

As the first response to your post, not exactly what you were looking
for, but much more secure than plain text or even simple include files.

HTH.

Cheers,
Pablo

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux