Posted by John Holmes on 03/02/05 02:57

Rob Tanner wrote:
> WE have a number of PHP webpages that access one of several MySql databases
> and while the PHP files that contain the passwords cannot be accessed via the
> web, we are becoming increasingly concerned over the possibility of other
> webpage maintainers viewing those files. How have other folks protected
> database passwords needed by PHP apps?

Who are these "other webpage maintainers" and why do they have access to
your PHP source code? This isn't a PHP issue. The MySQL password has to
be in a file as plain text; there's no getting around that (as recently
discussed on here). Your issue is controlling access to the machine and
the files, so is an OS/policy/trust issue, imo.

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

• Next in thread: Re: [PHP] How can I secure database passwords used by PHP webpages
• Prev in thread: How can I secure database passwords used by PHP webpages
• Next in forum: Re: [PHP] web testing
• Prev in forum: web testing
• Thread view: How can I secure database passwords used by PHP webpages

[Reply to this message]