LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 02-17-2006, 06:07 PM   #1
mattmc97
LQ Newbie
 
Registered: Feb 2004
Posts: 21

Rep: Reputation: 15
Question PHP / Mysql Question


Ok. I am trying to create a php page that will access a mysql database on the same server, but want to make sure that no one can parse the information out of the connect statement to the database.

I know that I can use an include statement to pull $my_username, $my_password out of a file, but is there a way to put this file in a sub-directory that will only be accessible by apache and not by anyone trying to download the file directly?

I am guessing this is strictly a permissions issue. But if user:group apache:apache "owns" it, doesn't that mean that anyone on the web can access it?

thanks.

mattmc97
 
Old 02-17-2006, 07:45 PM   #2
airswit
Member
 
Registered: Dec 2005
Distribution: Fedora 4
Posts: 89

Rep: Reputation: 15
well, when you try to download the page, the web server will render the page to html, meaning that if you don't echo the variables, it shouldn't be viewable by others. Though i think there is a way to configure apache to have non-accessible folders for web use...not sure how to do it though
 
Old 02-17-2006, 08:23 PM   #3
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,379

Rep: Reputation: 148Reputation: 148
If the web server returns the page then the data will be there if they are not in script tags, or if for some reason the php engine is not working. However, if you are using apache you could try to use a mod_alias to redirect any direct access to the file that contains the password
 
Old 02-17-2006, 09:46 PM   #4
mattmc97
LQ Newbie
 
Registered: Feb 2004
Posts: 21

Original Poster
Rep: Reputation: 15
This is actually for a guy that had asked on another forum that I frequent. I told him that basically you cannot view the php source since it is server-side, but I guess this is pretty sensitive information so he would like to put the information in a separate file in a protected directory.

Is there a way to use md5 password in a file or to protect a directory that only the webserver (apache) can get to but not someone requesting the file directly?

That is what I do not know, because as far I know the reason you give apache ownership is so that people can read it, so I don't know how you would give apache ownership without giving everyone the ability to read it, if the php did not render or if they tried to directly download it.

Any other insight would be great. I will look into mod_alias as well.

thanks.

mattmc97
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP/MySQL table question newuser455 Programming 10 11-03-2005 05:50 AM
PHP/MySQL Question Corey Edwards Linux - Software 4 01-14-2005 01:18 PM
php mysql question infected Programming 2 10-31-2004 10:50 PM
PHP MySQL Query Question vi0lat0r Programming 1 07-15-2004 06:02 AM
mySQL, PHP, Apache Question stardotstar Linux - Newbie 6 09-08-2003 05:51 AM


All times are GMT -5. The time now is 09:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration