Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 02-17-2006, 05:07 PM   #1
LQ Newbie
Registered: Feb 2004
Posts: 21

Rep: Reputation: 15
Question PHP / Mysql Question

Ok. I am trying to create a php page that will access a mysql database on the same server, but want to make sure that no one can parse the information out of the connect statement to the database.

I know that I can use an include statement to pull $my_username, $my_password out of a file, but is there a way to put this file in a sub-directory that will only be accessible by apache and not by anyone trying to download the file directly?

I am guessing this is strictly a permissions issue. But if user:group apache:apache "owns" it, doesn't that mean that anyone on the web can access it?


Old 02-17-2006, 06:45 PM   #2
Registered: Dec 2005
Distribution: Fedora 4
Posts: 89

Rep: Reputation: 15
well, when you try to download the page, the web server will render the page to html, meaning that if you don't echo the variables, it shouldn't be viewable by others. Though i think there is a way to configure apache to have non-accessible folders for web use...not sure how to do it though
Old 02-17-2006, 07:23 PM   #3
Senior Member
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,379

Rep: Reputation: 148Reputation: 148
If the web server returns the page then the data will be there if they are not in script tags, or if for some reason the php engine is not working. However, if you are using apache you could try to use a mod_alias to redirect any direct access to the file that contains the password
Old 02-17-2006, 08:46 PM   #4
LQ Newbie
Registered: Feb 2004
Posts: 21

Original Poster
Rep: Reputation: 15
This is actually for a guy that had asked on another forum that I frequent. I told him that basically you cannot view the php source since it is server-side, but I guess this is pretty sensitive information so he would like to put the information in a separate file in a protected directory.

Is there a way to use md5 password in a file or to protect a directory that only the webserver (apache) can get to but not someone requesting the file directly?

That is what I do not know, because as far I know the reason you give apache ownership is so that people can read it, so I don't know how you would give apache ownership without giving everyone the ability to read it, if the php did not render or if they tried to directly download it.

Any other insight would be great. I will look into mod_alias as well.




Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP/MySQL table question newuser455 Programming 10 11-03-2005 04:50 AM
PHP/MySQL Question Corey Edwards Linux - Software 4 01-14-2005 12:18 PM
php mysql question infected Programming 2 10-31-2004 09:50 PM
PHP MySQL Query Question vi0lat0r Programming 1 07-15-2004 05:02 AM
mySQL, PHP, Apache Question stardotstar Linux - Newbie 6 09-08-2003 04:51 AM > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 03:58 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration