Thank you all for your suggestions. I created a hidden file one level above my root directory with significant owner/group permissions that it would be extremely difficult to detect. Looks and works great. Thanks. Helen Sallee VIS Database Administrator -----Original Message----- From: Brent Baisley [mailto:brent@landover.com] Sent: Thursday, June 12, 2003 10:44 AM To: Sallee, Helen Cc: php-db@lists.php.net Subject: Re: hiding db password I place all my access info in it's own directory that is not directly accessible via the web. I usually place this on the same level as the CGI directory, which is also not directly accessible. Typically this is one level up from your site directory. If the php module breaks, then includes and requires won't work so your passwords won't be seen. /path/to/site/ /path/to/accessfile/ /path/to/cgi/ You do have to specify the directory as an "include_path" for php. On Thursday, June 12, 2003, at 10:31 AM, Sallee, Helen wrote: > Hi, I'm new to PHP and need to know how I can completely hide Oracle > database password used in OCILogon call. Since all .php pages can be > read by www user, if the userid and password are coded in the .php > page, they anyone can fopen this file and view the contents (right?) - > this presents a security problem. So how can I have a database > connection which is secure? Or am I missing something in here? > -- Brent Baisley Systems Architect Landover Associates, Inc. Search & Advisory Services for Advanced Technology Environments p: 212.759.6400/800.759.0577 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
