Seems your other thread has been removed, not that I'm surprised due to the war going on there. Anyway, as suggested in that thread, you can use file permissions to control which local users can access the sensitive file also. If I understood you correctly. You stated that you had to allow the file to be world readable so that the Apache webserver could access the file, and as a consequence to doing that you are also allowing every local user (ie users whom have shell access to the server) to also access the file. Which is how your database was compromised. Correct? If so, then there is a way to prevent the users from accessing the file while still allowing the webserver to access it, using file permissions. To do so, you'll just need to know what group Apache runs as. To explain further, consider this file:
Code:
---------- 1 bob users 5 Apr 10 01:11 test.txt
Here test.txt has 000 for it's permissions. Nobody, not even bob can read it. Of course since bob owns it, he can change the permissions, delete it, or whatever. But that's beside the point.
Code:
-rw------- 1 bob users 5 Apr 10 01:11 test.txt
Here test.txt has 600 for it's permissions. Now bob can read/write to it, but nobody else can.
Now, suppose Apache runs as group "nogroup" and I want to allow Apache to access it without allowing everyone else to. I just change the group to "nogroup".
Code:
-rw-r----- 1 bob nogroup 5 Apr 10 01:11 test.txt
Here test.txt has 640 permissions and belongs to the group "nogroup". Since Apache runs under that group, Apache can now access the file, as can bob. But no other local users can because they neither belong to the group "nogroup" nor are they bob. At least the other users "shouldn't" belong to that group. Now there is a catch. As a non-root user whom also doesn't belong to the group "nogroup" you can not change the file to that group. hehe... Kind of a catch 22. Anyway, you should be able to get whoever has root access on the server to change it for you, I'd think. Especially considering you've already been compromised.
Also don't take the above the wrong way. I merely set out to explain the process and not to question your skill level.
Something else you may want to look into, in addition to the read-only control user for the database, is http authentication. That is if you need your users to have a higher level of control over the database vs just read access. Personally, I've never implemented it from scratch, but I do know that it's possible. And example program that can be setup to use it is
phpMyAdmin. It can also be setup to use cookies. With http authentication you'd be prompted for a username/password by Apache when you logged onto the website (or loaded the php page, whatever the case might be) and then that username and password is used to connect to the server instead of the one in your php file. The only downside is the extra hassle your users would have to go through to get logged in. And if you could put the website behind SSL, even better. Anyway, you could probably sift through phpMyAdmin's source and figure out how they do it and implement that on your server. Good luck.
