 |
 |
 |
 |
|
|
Date: 12/22/00
- Next message: Jason: "Re: [PHP] Security problem."
- Previous message: Anand: "[PHP] Security problem."
- In reply to: Anand: "[PHP] Security problem."
- Next in thread: Jason: "Re: [PHP] Security problem."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Anand wrote:
> The problem is that i have written the mysql db username and password in
> clear text, in the php scripts. So the users on local machine can have a
> look at the scripts (which are world readable) and then connect to the
> database using their own scripts and ....
>
> Is there any way to get around this problem?
-forbid read-access to others on this file, so it isn't world readable any
more
-use chgrp to "give" that file to a certain group (create one)
-add user wwwrun (apache runs as this user by default) to that group
Now the apache should still have access to that file cause of being in the
right group, while the other users shouldn't. And they won't get into that
group except by getting root-access or by guessing the password you set for
that group.
regards
Wagner
-- If you can't learn to do something well, learn to enjoy doing it poorly.-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Jason: "Re: [PHP] Security problem."
- Previous message: Anand: "[PHP] Security problem."
- In reply to: Anand: "[PHP] Security problem."
- Next in thread: Jason: "Re: [PHP] Security problem."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]