|
|
Posted by Mattias Thorslund on 03/06/05 18:47
Since you can use fopen, I don't think open_basedir is the problem.
Read about open_basedir here: http://us3.php.net/features.safe-mode
Maybe the path that you use in the include is wrong?
/Mattias
Andre Dubuc wrote:
>Hi,
>
>I am trying to 'insulate' my database connection from prying eyes by moving
>the db connection code to a directory above docroot and then calling it by an
>include. However, my IP has an open_basedir restriction in effect that
>defeats what I'm trying to do.
>
>Perhaps I'm unclear what what the open_basedir does, and perhaps IP is
>protecting me from an even worse security risk. However, I can call, using
>fopen, many counter code pages that reside in the directory above docroot -
>so I'm confused here. Perhaps it's the use of include - is there another way
>to do this?
>
>
>*******************************************************************************************
>
>The code so far:
>
>On any page that needs a db connection (in docroot path):
><?php
>....
>include("db-conn.php");
>...
>?>
>
>Db code page (located in directory above docroot):
><?php
>$db = pg_connect("dbname=site user=confused password=toughone");
>?>
>
>Tia,
>Andre
>
>
>
--
More views at http://www.thorslund.us
Navigation:
[Reply to this message]
|