RE: protect password?

Ooooh!

We both forgot to warn you:

Be VERY careful with <?php phpinfo();?> and var_dump($_SERVER) and
similar coding practices.

You're dumping out your username/password in plaintext at that point
with this technique!

TANSTAAFL!

On Fri, November 4, 2005 5:16 pm, Pablo Gosse wrote:
> [snip]
> Some functions need you to provide username and password, for instance
> odbc_connect.  Even though the username/password just has minimum access
> privileges to the resource, putting it there in clear text in a script
> gives me heartburn.  How do people handle username/password in such kind
> of cases?  I'm sure there must be some way to store critical information
> in some encrypted format but it's still readable to scripts for
> authentication purpose.  But don't know how.  Any ideas or pointer would
> be greatly appreciated.
> [/snip]
>
> Some time ago Chris Shiflett provided a nice suggestion on how to make
> your passwords more secure.  It's still not rock solid, but far better
> than storing them in clear text.
>
> The methodology I present below (which Chris presented originally)
> assumes Apache as your web server.  Though I've recently gotten into IIS
> administration I'm not sure of how you would specifically do this under
> IIS.
>
> Create a file outside of your webroot, and in it use SetEnv declarations
> to set a username and password as environment vars.
>
> SetEnv dbuser username
> SetEnv dbpass password
>
> Chown this file such that it is only readable by root, and then
> (assuming you're on a shared host) have it included in your virtual host
> block of the server config file.  If you're on a dedicated box include
> it in the configuration section for the site in question.
>
> Then when the server is restarted you will be able to access the
> username and password via $_SERVER['dbuser'] and $_SERVER['dbpass'] in
> your scripts.
>
> As the first response to your post, not exactly what you were looking
> for, but much more secure than plain text or even simple include files.
>
> HTH.
>
> Cheers,
> Pablo
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Like Music?
http://l-i-e.com/artists.htm
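
The leak this message warns about, shown as an added example that is not part of the original thread: a debug dump that masks the SetEnv credentials before printing a `$_SERVER`-style array. `dbuser` and `dbpass` are the names from the quoted message; `redact_server()`, `dump_server()`, the key list, the pattern and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. dbuser/dbpass are the SetEnv names
// used in the quoted message; the other names here are assumptions.

// Exact keys to hide: the two SetEnv variables plus request headers that
// commonly carry credentials.
const SECRET_KEYS = ['dbuser', 'dbpass', 'PHP_AUTH_PW', 'HTTP_AUTHORIZATION', 'HTTP_COOKIE'];
// Assumed catch-all for other secret-looking variable names.
const SECRET_PATTERN = '/pass|secret|token/i';

// Return a copy of a $_SERVER-style array with credential values masked.
function redact_server(array $server): array
{
    $out = [];
    foreach ($server as $name => $value) {
        // Apache prefixes SetEnv variables with REDIRECT_ after an internal
        // redirect (e.g. mod_rewrite), so REDIRECT_dbuser must be caught too.
        $base = preg_replace('/^(REDIRECT_)+/', '', (string) $name);
        $secret = in_array($base, SECRET_KEYS, true)
            || preg_match(SECRET_PATTERN, $base) === 1;
        $out[$name] = $secret ? '[redacted]' : $value;
    }
    return $out;
}

// Drop-in replacement for var_dump($_SERVER) on a debug page.
function dump_server(array $server): string
{
    return print_r(redact_server($server), true);
}

// Constructed sample standing in for $_SERVER on a host configured as above.
$sample = [
    'SERVER_NAME'     => 'www.example.com',
    'REQUEST_URI'     => '/report.php',
    'dbuser'          => 'report_ro',
    'dbpass'          => 'constructed-password',
    'REDIRECT_dbuser' => 'report_ro',
    'PHP_AUTH_PW'     => 'constructed-basic-auth',
];

echo dump_server($sample);
```

phpinfo() prints the same variables and cannot be filtered this way, so it should not be reachable on a host configured like this.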
