Hi, I'm new to PHP and need to know how I can completely hide Oracle database password used in OCILogon call. Since all .php pages can be read by www user, if the userid and password are coded in the .php page, they anyone can fopen this file and view the contents (right?) - this presents a security problem. So how can I have a database connection which is secure? Or am I missing something in here?
The code below is what I have.
<?php
putenv("TWO_TASK=ORCL2");
putenv("ORACLE_HOME=/u01/home/oracle/product/9.2.0");
$conn = OCILogon("USER1","USER1PASS");
$query = OCIParse($conn,"select * from state");
OCIExecute($query);
?>
Thank you
Helen Sallee
VIS Database Administrator
