Posted by Andre Dubuc on 03/06/05 16:26

Hi,

I am trying to 'insulate' my database connection from prying eyes by moving
the db connection code to a directory above docroot and then calling it by an
include. However, my IP has an open_basedir restriction in effect that
defeats what I'm trying to do.

Perhaps I'm unclear what what the open_basedir does, and perhaps IP is
protecting me from an even worse security risk. However, I can call, using
fopen, many counter code pages that reside in the directory above docroot -
so I'm confused here. Perhaps it's the use of include - is there another way
to do this?


*******************************************************************************************

The code so far:

On any page that needs a db connection (in docroot path):
<?php
.....
include("db-conn.php");
....
?>

Db code page (located in directory above docroot):
<?php
$db = pg_connect("dbname=site user=confused password=toughone");
?>

Tia,
Andre

[Back to original message]