How do you handle storing the login info then? Do you encrypt the file and decrypt it on the fly? Where would you store the key? I'm in the process of setting up a new application, and I've always used the "login info outside the webroot" method but if there's something more I can do, I'd like to know...

--- Jaap van Ganswijk <[EMAIL PROTECTED]> wrote:
> At 2003-06-29 17:21 +0100, Avvio - Frank wrote:
> >basically you need to append to your include_path and you can probably
> >create a local .htaccess file and set an include path in there (look up
> >php_value syntax for .htaccess)
> >
> >otherwise start your script with a customised version of the following:
> >
> >ini_set("include_path",ini_get("include_path").":". "/your/path/here/");
> >
> >then include/require as normal
>
> I think you can also use an include statement
> like this:
> include "../../php/include/file.inc";
>
> The same mechanism can also be used for data
> files that also shouldn't be in the WWW accessible
> directory tree, I think. (But I'm not an expert.)
>
> I always try to write my programs very portable
> and I have found that using "../application_data/file.txt"
> isn't a problem, but using "../../xxx/application_data/file.txt"
> is usually a problem, because you don't want to
> hardcode the name of the directory above the current
> directory (in this case 'xxx'). Sometimes however
> you have to go two levels up to go out of the
> WWW-accessible directory tree.
>
> By the way, I think it's unwise to keep the MySQL
> login data uncoded on the Unix system, because
> other users or the system managers could read it.
> Generally these files have to be readable by Apache
> and therefore other users on the system can often
> also read them.
>
> Greetings,
> Jaap
>
> >----- Original Message -----
> >From: "anders thoresson" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Sunday, June 29, 2003 4:33 PM
> >Subject: Re: [PHP] web site security: how to hide login info for
> >mysql-connection
> >
> >> > Be aware that wherever you store the settings folder, your php.ini should
> >> > have that path in its include_directories setting, and the webserver must
> >> > have read permissions for that file.
> >>
> >> I don't have access to php.ini on my ISP's web server. Is there a way for
> >> a user to make their own set of include_directories?
> >>
> >> --
> >> anders thoresson
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php

=====
Mark Weinstock
[EMAIL PROTECTED]
***************************************
You can't demand something as a "right" unless you are willing to fight to death to defend everyone else's right to the same thing.
***************************************
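
The "login info outside the webroot" layout discussed in this thread, as an added example that is not part of the original messages: it loads the settings through a single "../" relative path, refuses a file that resolves inside the web root, and refuses one that every local account can read. The function name `load_db_config`, the directory names and the sample credentials are constructed for the demo.

```php
<?php
// Added example; function name, paths and credentials are constructed for the demo.

function load_db_config(string $path, string $docRoot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException("config file not found: $path");
    }
    // Refuse a file that resolves to somewhere inside the web root.
    $root = realpath($docRoot);
    if ($root === false || strpos($real, rtrim($root, '/') . '/') === 0) {
        throw new RuntimeException('config file is inside the web root');
    }
    // The "other" read bit (0004) lets every local account read the file.
    // Clearing it does not protect against scripts of other sites that run
    // as the same web server user.
    $mode = fileperms($real) & 0777;
    if ($mode & 0004) {
        throw new RuntimeException(sprintf('config is world-readable (mode %04o)', $mode));
    }
    $cfg = parse_ini_file($real);
    if ($cfg === false || !isset($cfg['host'], $cfg['user'], $cfg['password'])) {
        throw new RuntimeException('config file is missing required keys');
    }
    return $cfg;
}

// Constructed layout: <tmp>/site_demo_<pid>/public_html and .../application_data
$base = sys_get_temp_dir() . '/site_demo_' . getmypid();
mkdir("$base/public_html", 0755, true);
mkdir("$base/application_data", 0750, true);
$ini = "$base/application_data/db.ini";
file_put_contents($ini, "host = localhost\nuser = app\npassword = \"constructed-sample\"\n");

// One level up from the web root, as in "../application_data/file.txt".
$relative = "$base/public_html/../application_data/db.ini";

foreach ([0644, 0640] as $mode) {
    chmod($ini, $mode);
    clearstatcache();
    try {
        $cfg = load_db_config($relative, "$base/public_html");
        printf("%04o: loaded settings for user %s\n", $mode, $cfg['user']);
    } catch (RuntimeException $e) {
        printf("%04o: refused, %s\n", $mode, $e->getMessage());
    }
}
```

In a real script the two arguments would be `__DIR__ . '/../application_data/db.ini'` and the server's document root, so no parent directory name is hard-coded.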