On 03.12.2011 23:54, Tamara Temple wrote:
> If you give every application user a unique set of database access
> permissions, that means that any one of those users can access your
> data base WITHOUT going through your application if they manage to get
> access to your data base server. Is that clearer? Your application's
> users should not be able to access the data base directly. The
> application should be the thing to manage the data base. You may want
> to have different data base credentials for different user *roles*
> (plain, privileged, admin roles, etc), but to give *every* application
> individual data base unique credentials is not only unnecessary, but
> also a security risk.

OK, then where or how is the most advisable place to store the
application's credentials?
One way is to have it as constants in a separate php-file somewhere
within the doc-root so php can easily access it as include.
An application that is to be put on an outside hoster's server has to do
it like this, I guess.
Mine will stay on a server within the LAN for now, so I've got root access.
This way the web-server could display it in the probably unlikely case
someone guesses the url to it AND the php-interpreter fails to process
it first.
More likely a local user could read it, though.
So how would I store it and restrict access to it?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
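
The two exposure paths named in the message above (the file being served from the doc-root, and a local user reading it) can be checked before the credentials are loaded. This is an added example, not part of the original thread; the paths, the array-returning file format and the root-owned, mode 0640 layout on a POSIX host are assumptions.

```php
<?php
// Added illustration, not code from the thread; all paths and names are hypothetical.
// Assumes a POSIX host where the file is owned by root, group = web server group, mode 0640.

function load_db_credentials(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('credentials file or document root not found');
    }
    // Risk 1 from the message: a file under the doc-root has a URL and is
    // shown as plain text if the PHP interpreter ever fails to process it.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('credentials file is inside the document root');
    }
    // Risk 2 from the message: any local user can read a world-readable file.
    clearstatcache(true, $real);
    $mode = fileperms($real) & 0777;
    if ($mode & 0007) {
        throw new RuntimeException(sprintf('credentials file is open to all local users (mode %04o)', $mode));
    }
    $cfg = require $real;   // the file returns an array instead of defining constants
    if (!is_array($cfg) || !isset($cfg['user'], $cfg['pass'])) {
        throw new RuntimeException('credentials file did not return user/pass');
    }
    return $cfg;
}

// Constructed demo: a temporary tree standing in for the server layout.
$base = sys_get_temp_dir() . '/creds_demo_' . getmypid();
mkdir("$base/htdocs", 0755, true);
mkdir("$base/private", 0750, true);
$body = "<?php return ['user' => 'app_rw', 'pass' => 'constructed-example'];\n";
foreach (['htdocs' => 0640, 'private' => 0644] as $dir => $mode) {
    file_put_contents("$base/$dir/db.php", $body);
    chmod("$base/$dir/db.php", $mode);
    try {
        load_db_credentials("$base/$dir/db.php", "$base/htdocs");
    } catch (RuntimeException $e) {
        echo "$dir/db.php refused: ", $e->getMessage(), "\n";
    }
}
chmod("$base/private/db.php", 0640);   // no access for "other" users
$cfg = load_db_credentials("$base/private/db.php", "$base/htdocs");
echo "private/db.php loaded for user ", $cfg['user'], "\n";
array_map('unlink', glob("$base/*/db.php"));
rmdir("$base/htdocs"); rmdir("$base/private"); rmdir($base);
```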