Re: Securing PHP scripts - Mailing list pgsql-php

From Luke Woollard
Subject Re: Securing PHP scripts
Date
Msg-id NHBBLDDBILGIHKOBAGFNKENECDAA.luke@taborvision.com
Whole thread Raw
In response to Re: Securing PHP scripts  (brew@theMode.com)
List pgsql-php
I don't know of any..

Luke Woollard
HPAD.com



-----Original Message-----
From: pgsql-php-owner@postgresql.org
[mailto:pgsql-php-owner@postgresql.org]On Behalf Of brew@themode.com
Sent: Tuesday, August 19, 2003 12:55 PM
To: pgsql-php@postgresql.org
Subject: Re: [PHP] Securing PHP scripts



Cody.....

> Now to connect to the DB via PHP, I have the password hard coded (which is
in clear text).
>
> Here is my question: Is there a way around storing the password in clear
text?

But no user can ever read that clear text, right?  They should only get
the PHP script output which normally wouldn't contain the user name and
password.....

There can be a danger of other users on the machine being able see the
clear text password if it's a shared machine and if they are able to read
the script, though!

Of course that didn't answer your question...... maybe somebody else knows
a way around storing it in clear text.

BTW, for the best security you should be sure and run PHP with
register_globals off in the php.ini config file, read about it at

http://us4.php.net/register_globals

Sorry if I'm telling you a bunch of stuff you already know anyway.......

brew






---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)


pgsql-php by date:

Previous
From: brew@theMode.com
Date:
Subject: Re: Securing PHP scripts
Next
From: "Cody Phanekham"
Date:
Subject: Re: Securing PHP scripts