[olug] protecting MySQL password on multi-user system
Eric P
eric.maillist at gmail.com
Thu Apr 27 00:49:10 UTC 2006
Check the thread subject. It's a multi-user system. I have user perms only.
Eric
Trent Melcher wrote:
> If you have the ability, you could use the apache configuration file to
> store the password. (Apache reads its main config files as root.)
>
> Example:
>
> Add this to your httpd.conf
>
> <Directory /var/www/html/mydatabase>
> php_value mysql.default_user fred
> php_value mysql.default_password secret
> php_value mysql.default_host server.example.com
> </Directory>
>
> Then all you need in your PHP code is
>
> $handle = mysql_connect() or die(mysql_error());
>
> Your configuration will only be picked up by scripts running in the named
> directory and subs...in this case /var/www/html/mydatabase, virtualhosts can
> be done the same way. Then you can lock down that directory by using a
> .htaccess file and only those folks with the proper credentials can execute
> scripts from that location. This also ussumes that mysql is NOT running in
> safe_mode.
>
> Trent
>
>
> -----Original Message-----
> From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Eric
> P
> Sent: Monday, April 24, 2006 9:38 PM
> To: Omaha Linux User Group
> Subject: [olug] protecting MySQL password on multi-user system
>
> I'm on a multi-user Linux system running PHP and MySQL.
>
> Whenever I do an SQL query, I include a file just under the web root w/the
> MySQL username and password.
>
> Even though it's under the web root, I have to keep this file's permission
> at 644 permissions, or else I get 'permission
> denied'.
>
> Am I missing something here? I definately don't want this file readable by
> 'other'.
>
> Any advice for the correct approach to this would be greatly appreciated!
>
> Eric Pierce
> _______________________________________________
More information about the OLUG
mailing list