ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Ok. I am trying to create a php page that will access a mysql database on the same server, but want to make sure that no one can parse the information out of the connect statement to the database.
I know that I can use an include statement to pull $my_username, $my_password out of a file, but is there a way to put this file in a sub-directory that will only be accessible by apache and not by anyone trying to download the file directly?
I am guessing this is strictly a permissions issue. But if user:group apache:apache "owns" it, doesn't that mean that anyone on the web can access it?
well, when you try to download the page, the web server will render the page to html, meaning that if you don't echo the variables, it shouldn't be viewable by others. Though i think there is a way to configure apache to have non-accessible folders for web use...not sure how to do it though
If the web server returns the page then the data will be there if they are not in script tags, or if for some reason the php engine is not working. However, if you are using apache you could try to use a mod_alias to redirect any direct access to the file that contains the password
This is actually for a guy that had asked on another forum that I frequent. I told him that basically you cannot view the php source since it is server-side, but I guess this is pretty sensitive information so he would like to put the information in a separate file in a protected directory.
Is there a way to use md5 password in a file or to protect a directory that only the webserver (apache) can get to but not someone requesting the file directly?
That is what I do not know, because as far I know the reason you give apache ownership is so that people can read it, so I don't know how you would give apache ownership without giving everyone the ability to read it, if the php did not render or if they tried to directly download it.
Any other insight would be great. I will look into mod_alias as well.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.