Re: [PHP] Protecting database passwords

On Friday 02 July 2004 04:43, Peter Brodersen wrote: > You could move the virtual host to its own file, only readable by root > (and include this virtual host-file in httpd.conf). > > Use SetEnv in this virtual host to set values like DBUSER, DBPASS and > so on: > http://httpd.apache.org/docs/mod/

Re: [PHP] Protecting database passwords

On Thu, 01 Jul 2004 06:55:38 -0700, [EMAIL PROTECTED] (Bob Hockney) wrote: >What I am concerned about is a local user on the server machine, not access through >the web server. It sounds like it can be done if there is a separate user or group >for the >web server process, but this site specif

Re: [PHP] Protecting database passwords

Not really a direct solution, but anyways...You could use Turck MMCache to convert the code into bytecode. That way nobody can see the password, atleast not too easily. - Sid On Thu, 01 Jul 2004 16:28:57 +0100, Peter Risdon <[EMAIL PROTECTED]> wrote: > > Bob Hockney wrote: > > Gerben wrote: > >

Re: [PHP] Protecting database passwords

Bob Hockney wrote: Gerben wrote: I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access it's code and find out the DB password. What I am concerned about is a local user on the server machine, not

Re: [PHP] Protecting database passwords

From: "Bob Hockney" <[EMAIL PROTECTED]> > > I think he is talking about the password that is written inside the script > > in the mysql_connect statement. I think he is worried that someone could > > access it's code and find out the DB password. > > What I am concerned about is a local user on th

Re: [PHP] Protecting database passwords

Gerben wrote: > I think he is talking about the password that is written inside the script > in the mysql_connect statement. I think he is worried that someone could > access it's code and find out the DB password. What I am concerned about is a local user on the server machine, not access throug

Re: [PHP] Protecting database passwords

I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access it's code and find out the DB password. One solution is to make the database only accessible from localhost (you could create a new user/pass f

Re: [PHP] Protecting database passwords

* Thus wrote - Edwin -: > On Thursday 01 July 2004 02:17, Chris W. Parker wrote: > > Red Wingate > > > > on Wednesday, June 30, 2004 9:33 AM said: > > > Hashing ... but i guess he wants to protected the > > > password needed to access the DB not a PW stored in the > >

Re: [PHP] Protecting database passwords

On Thursday 01 July 2004 08:25, Chris W. Parker wrote: > [EMAIL PROTECTED] > > on Wednesday, June 30, 2004 4:15 PM said: > > How can I use a password hash to log on to a database > > server (or for any other login for that matter)? > > i apologize. i completely misund

Re: [PHP] Protecting database passwords

On Thursday 01 July 2004 02:17, Chris W. Parker wrote: > Red Wingate > > on Wednesday, June 30, 2004 9:33 AM said: > > Hashing ... but i guess he wants to protected the > > password needed to access the DB not a PW stored in the > > DB. > > you probably understand thi

Re: [PHP] Protecting database passwords

Hi, On Wednesday 30 June 2004 09:58, Bob Hockney wrote: > Hi there, > > I wrote a php script that accesses a database, and I am > wondering about securing the password to the database. I > could prompt the user for the password every session, but > I don't necessarily want the user to have the pa

RE: [PHP] Protecting database passwords

[EMAIL PROTECTED] on Wednesday, June 30, 2004 4:15 PM said: > How can I use a password hash to log on to a database server (or for > any other login for that matter)? i apologize. i completely misunderstood your original post. in which case, i can think of only two

RE: [PHP] Protecting database passwords

> argh. just make the file readable by root and the user that runs > apache/php and you're done. Which unfortunately is installation specific. I.e., if I am distributing a program and want to install a file which the user modifies to contain the passwords, I have to direct the user to manually

RE: [PHP] Protecting database passwords

[EMAIL PROTECTED] on Wednesday, June 30, 2004 2:11 PM said: >> Hashing ... but i guess he wants to protected the password >> needed to access the DB not a PW stored in the DB. > > Yes, this is what I am concerned about, access to the file by local > users on the ser

Re: [PHP] Protecting database passwords

You pretty much have to run the webserver / script as a certain user and give only that use read permissions to the file. On Wed, 30 Jun 2004 14:11:04 -0700 (GMT-07:00), [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > Hashing ... but i guess he wants to protected the password > > needed to

Re: [PHP] Protecting database passwords

> Hashing ... but i guess he wants to protected the password > needed to access the DB not a PW stored in the DB. Yes, this is what I am concerned about, access to the file by local users on the server. Hashes won't help me. -Bob -- PHP General Mailing List (http://www.php.net/) To unsubscri

RE: [PHP] Protecting database passwords

Red Wingate on Wednesday, June 30, 2004 10:29 AM said: > even for the guy who wrote the source. it's allmost impossible to > restore the data as the only option is a brute-force attempt. right so what is the point you're trying to make? c. -- PHP General Mailing

Re: [PHP] Protecting database passwords

even for the guy who wrote the source. it's allmost impossible to restore the data as the only option is a brute-force attempt. Chris W. Parker wrote: Red Wingate on Wednesday, June 30, 2004 9:33 AM said: Hashing ... but i guess he wants to protected the password nee

RE: [PHP] Protecting database passwords

Red Wingate on Wednesday, June 30, 2004 9:33 AM said: > Hashing ... but i guess he wants to protected the password > needed to access the DB not a PW stored in the DB. you probably understand this already but for those who don't i would like to say: right, but the

Re: [PHP] Protecting database passwords

Hashing ... but i guess he wants to protected the password needed to access the DB not a PW stored in the DB. [...] MD5 - http://ie2.php.net/md5 One way in encryption. [...] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Protecting database passwords

MD5 - http://ie2.php.net/md5 One way in encryption. "Chris W. Parker" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Bob Hockney on Tuesday, June 29, 2004 5:58 PM said: > I wrote a php script that accesses a database, and I am wondering > about securin

RE: [PHP] Protecting database passwords

Bob Hockney on Tuesday, June 29, 2004 5:58 PM said: > I wrote a php script that accesses a database, and I am wondering > about securing the password to the database. I could prompt the user > for the password every session, but I don't necessarily want the user > t

[PHP] Protecting database passwords

Hi there, I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the password. Unless I'm missing something, any on-disk place I store