|
|
Re: Permissions for index.php -- hide MySQL password?: msg#00109web.wiki.phpwiki.talk
Robert Dodier schrieb: I have a question about the MySQL password. I see that I that's unfortunately a mysql architectural problem. their fault. every perl and php programmer must deal with that solution somehow. one can read in a local file with the password, which is not in the web docroot, but it must be passed cleartext to the database. since php's are normally associated with the php engine, and no one local access to the webserver (shell or ftp account), it's quite secure. for important mysql passwords in php apps, one stores the passwords in a secure location. but it must be readable by the apache user, so anyone with problematic/erratic php script (there are thousands, I worked for a very large ISP) will be able to read it, if he knows where. It seems like a security problem, since index.php must be yes, see above. How was this problem solved for the PhpWiki project password stored plaintext in index.php. no one without shell account is able to see the content of index.php. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Permissions for index.php -- hide MySQL password?: 00109, Robert Dodier |
|---|---|
| Next by Date: | Re: 1.3.7 released: 00109, Steve Wainstead |
| Previous by Thread: | Permissions for index.php -- hide MySQL password?i: 00109, Robert Dodier |
| Next by Thread: | Various Newbie Questions: 00109, Alexandre Enkerli |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |