[olug] protecting MySQL password on multi-user system

Don Kauffman dekauff at cox.net
Sun Jun 4 17:36:32 UTC 2006


Just out of curiosity, who is the owner and group of the .htaccess
file? You might need to change those to apache or whatever user you have
apache set up as. Just thinking out loud here!

DonK.

On Sun, 2006-06-04 at 11:25 -0500, Eric P wrote:
> Trent Melcher wrote:
> > OK, is the web_root directory under your home directory?  Is it yours and
> > yours only web directory?  If so then you could try it this way.
> > 
> > Put a .htaccess file into your web_root directory, add these 2 values
> > 
> > SetEnv DBUSER mysqluser
> > SetEnv DBPASS mysqlpass
> > 
> > PHP will get these variables passed in the $_SERVER superglobal as
> > $_SERVER['DBUSER'] and $_SERVER['DBPASS'].
> > 
> > Then add this to your php code.
> > 
> > $handle = mysql_connect('localhost', $_SERVER['DBUSER'], $_SERVER['DBPASS'])
> > or die(mysql_error());
> > 
> > If this Multi-User system has everyone using the same web_root directory,
> > then there really isn't a good way to lock it down so nobody else can use
> > your password file.
> > 
> > 
> > 
> > Trent
> Sorry for the LATE reply.  I finally took a moment to try this.
> 
> Yes, the web directory is ours alone.
> 
> I just tried this out.  Thanks for sharing this tidbit... didn't know you could set global vars like this.
> 
> I was able to stick the .htaccess file in webroot or even one below webroot and then retrieve my global vars.
> 
> However, I still have a problem in that if the perms on this file aren't 644 (world readable), Apache cannot access
> this file; I get 'Forbidden - You don't have permission to access /test.php on this server.'  test.php is merely the
> file trying to echo the global var.
> 
> Hmph....
> 
> Thanks all the same.
> Eric.

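The owner/group question above can be answered with a short check. The following shell functions are an added example, not part of the original thread: they report which permission class (owner, group or other) decides read access to the .htaccess file for a given account, and whether the file is world-readable. They assume GNU stat; the function names and the "apache" account name in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Linux).

# read_class FILE UID "GID GID ..."
# Prints the permission class that decides read access for that identity:
# owner, group or other when its read bit is set, "none" when it is not.
read_class() {
    file=$1 uid=$2 gids=$3
    meta=$(stat -c '%a %u %g' "$file") || return 2
    set -- $meta
    mode=$((0$1)) f_uid=$2 f_gid=$3     # leading 0: parse the mode as octal
    # Only one class is consulted: owner first, then group, then other.
    class=other bit=4                   # 0004
    if [ "$uid" = "$f_uid" ]; then
        class=owner bit=256             # 0400
    else
        for g in $gids; do
            if [ "$g" = "$f_gid" ]; then class=group bit=32; fi   # 0040
        done
    fi
    if [ $((mode & bit)) -ne 0 ]; then echo "$class"; else echo none; fi
}

# world_readable FILE: succeeds when the "other" read bit is set (e.g. 644).
world_readable() {
    m=$(stat -c '%a' "$1") || return 2
    [ $((0$m & 4)) -ne 0 ]
}

# audit USER FILE: report for a named account, e.g. the user Apache runs as
# (hypothetical name "apache"; it differs between systems).
audit() {
    class=$(read_class "$2" "$(id -u "$1")" "$(id -G "$1")") || return 2
    if world_readable "$2"; then world=yes; else world=no; fi
    echo "$2: $1 reads via $class; world-readable: $world"
}

# Usage: sh check.sh apache /path/to/web_root/.htaccess
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

A result of "group" with world-readable "no" corresponds to a file at mode 640 whose group is one the Apache account belongs to.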