[olug] protecting MySQL password on multi-user system

Trent Melcher trent at wispair.net
Thu Apr 27 00:21:59 UTC 2006


If you have the ability, you could use the apache configuration file to
store the password. (Apache reads its main config files as root.)

Example:

Add this to your httpd.conf

<Directory /var/www/html/mydatabase> 
   php_value mysql.default_user fred 
   php_value mysql.default_password secret 
   php_value mysql.default_host server.example.com 
</Directory> 

Then all you need in your PHP code is 

$handle = mysql_connect() or die(mysql_error()); 

Your configuration will only be picked up by scripts running in the named
directory and subs...in this case /var/www/html/mydatabase, virtualhosts can
be done the same way.  Then you can lock down that directory by using a
.htaccess file and only those folks with the proper credentials can execute
scripts from that location.   This also assumes that mysql is NOT running in
safe_mode.

Trent  


-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Eric P
Sent: Monday, April 24, 2006 9:38 PM
To: Omaha Linux User Group
Subject: [olug] protecting MySQL password on multi-user system

I'm on a multi-user Linux system running PHP and MySQL.

Whenever I do an SQL query, I include a file just under the web root w/the
MySQL username and password.

Even though it's under the web root, I have to keep this file's permissions
at 644, or else I get 'permission denied'.

Am I missing something here?  I definitely don't want this file readable by
'other'.

Any advice for the correct approach to this would be greatly appreciated!

Eric Pierce
_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug
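
The reply above relies on Apache reading its main config as root, so the file holding the password does not need the 644 mode that the PHP include in the original question required. A check for that, added here as an example and not part of the thread (the function names are hypothetical, and the caller supplies the config paths):

```shell
#!/bin/sh
# Added example: find config files that set mysql.default_password via
# php_value / php_admin_value and report any that group or other can read.

# cred_files PATH... : list files containing the directive (commented lines skipped)
cred_files() {
    grep -rlE '^[[:space:]]*php_(admin_)?value[[:space:]]+mysql\.default_password' "$@" 2>/dev/null
}

# too_open FILE : succeeds when group or other has read permission on FILE
too_open() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# audit PATH... : prints "FAIL file" or "OK   file" per match; returns 1 on any FAIL
audit() {
    cred_files "$@" | (
        rc=0
        while IFS= read -r f; do
            if too_open "$f"; then
                echo "FAIL $f"
                rc=1
            else
                echo "OK   $f"
            fi
        done
        exit $rc
    )
}

# Typical use (paths are assumptions, adjust to the local layout):
#   audit /etc/httpd/conf /etc/httpd/conf.d
```

The check covers file modes only. Values set with php_value are ordinary PHP settings, so any script served from that directory can read them back with ini_get().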



