[prev in list] [next in list] [prev in thread] [next in thread]
List: php-general
Subject: Re: [PHP] Security Question (from Chris's OSCON 2004 talk)
From: Jason Wong <php-general () gremlins ! biz>
Date: 2004-09-30 19:10:03
Message-ID: 200410010310.03549.php-general () gremlins ! biz
[Download RAW message or body]
On Friday 01 October 2004 00:59, Pablo Gosse wrote:
> When talking about protecting database credentials, Chris mentions
> creating a file (readable only by root) with the following:
>
> SetEnv DB_USER "myuser"
> SetEnv DB_PASS "mypass"
>
> and then using this:
>
> Include "/path/to/secret-stuff"
>
> in the httpd.conf file such that they show up in your $_SERVER array.
>
> I assume that the include directive would be declared inside the section
> of the httpd.conf file which defines everything for my site? This is
> probably a stupid question but I want to make sure of what I'm asking my
> hosting provider before I send my email.
You can also have the following inside your virtual hosts containers:
php_value mysql.default_host localhost
php_value mysql.default_user db_user_name
php_value mysql.default_password db_passwd
Then simply use:
$link = mysql_connect();
to connect to your database. Obviously your host should make sure httpd.conf
is readable only by root.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Grelb's Reminder:
Eighty percent of all people consider themselves to be above
average drivers.
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic