Re: [PHP] Protecting database passwords

2004-07-03 Thread Jason Wong
On Friday 02 July 2004 04:43, Peter Brodersen wrote: You could move the virtual host to its own file, only readable by root (and include this virtual host-file in httpd.conf). Use SetEnv in this virtual host to set values like DBUSER, DBPASS and so on:

Re: [PHP] Protecting database passwords

2004-07-01 Thread - Edwin -
Hi, On Wednesday 30 June 2004 09:58, Bob Hockney wrote: Hi there, I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the

Re: [PHP] Protecting database passwords

2004-07-01 Thread - Edwin -
On Thursday 01 July 2004 02:17, Chris W. Parker wrote: Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said: Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB. you probably understand this already

Re: [PHP] Protecting database passwords

2004-07-01 Thread - Edwin -
On Thursday 01 July 2004 08:25, Chris W. Parker wrote: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 4:15 PM said: How can I use a password hash to log on to a database server (or for any other login for that matter)? i apologize. i completely misunderstood

Re: [PHP] Protecting database passwords

2004-07-01 Thread Curt Zirzow
* Thus wrote - Edwin -: On Thursday 01 July 2004 02:17, Chris W. Parker wrote: Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said: Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB. you

Re: [PHP] Protecting database passwords

2004-07-01 Thread Gerben
I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password. One solution is to make the database only accessible from localhost (you could create a new user/pass

Re: [PHP] Protecting database passwords

2004-07-01 Thread Bob Hockney
Gerben wrote: I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password. What I am concerned about is a local user on the server machine, not access through

Re: [PHP] Protecting database passwords

2004-07-01 Thread John W. Holmes
From: Bob Hockney [EMAIL PROTECTED] I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password. What I am concerned about is a local user on the server

Re: [PHP] Protecting database passwords

2004-07-01 Thread Peter Risdon
Bob Hockney wrote: Gerben wrote: I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access its code and find out the DB password. What I am concerned about is a local user on the server machine, not

Re: [PHP] Protecting database passwords

2004-07-01 Thread Siddharth Hegde
Not really a direct solution, but anyways... You could use Turck MMCache to convert the code into bytecode. That way nobody can see the password, at least not too easily. - Sid On Thu, 01 Jul 2004 16:28:57 +0100, Peter Risdon [EMAIL PROTECTED] wrote: Bob Hockney wrote: Gerben wrote: I

Re: [PHP] Protecting database passwords

2004-07-01 Thread Peter Brodersen
On Thu, 01 Jul 2004 06:55:38 -0700, [EMAIL PROTECTED] (Bob Hockney) wrote: What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this is site specific.

RE: [PHP] Protecting database passwords

2004-06-30 Thread Chris W. Parker
Bob Hockney mailto:[EMAIL PROTECTED] on Tuesday, June 29, 2004 5:58 PM said: I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to

Re: [PHP] Protecting database passwords

2004-06-30 Thread Craig Donnelly
MD5 - http://ie2.php.net/md5 One way in encryption. Chris W. Parker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bob Hockney mailto:[EMAIL PROTECTED] on Tuesday, June 29, 2004 5:58 PM said: I wrote a php script that accesses a database, and I am wondering about securing the

Re: [PHP] Protecting database passwords

2004-06-30 Thread Red Wingate
Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB. [...] MD5 - http://ie2.php.net/md5 One way in encryption. [...] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Protecting database passwords

2004-06-30 Thread Chris W. Parker
Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said: Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB. you probably understand this already but for those who don't i would like to say: right, but the

Re: [PHP] Protecting database passwords

2004-06-30 Thread Red Wingate
even for the guy who wrote the source. it's almost impossible to restore the data as the only option is a brute-force attempt. Chris W. Parker wrote: Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 9:33 AM said: Hashing ... but i guess he wants to protect the password

RE: [PHP] Protecting database passwords

2004-06-30 Thread Chris W. Parker
Red Wingate mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 10:29 AM said: even for the guy who wrote the source. it's almost impossible to restore the data as the only option is a brute-force attempt. right so what is the point you're trying to make? c.

Re: [PHP] Protecting database passwords

2004-06-30 Thread zeus
Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB. Yes, this is what I am concerned about, access to the file by local users on the server. Hashes won't help me. -Bob

Re: [PHP] Protecting database passwords

2004-06-30 Thread Justin Patrin
You pretty much have to run the webserver / script as a certain user and give only that user read permissions to the file. On Wed, 30 Jun 2004 14:11:04 -0700 (GMT-07:00), [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hashing ... but i guess he wants to protect the password needed to access

RE: [PHP] Protecting database passwords

2004-06-30 Thread Chris W. Parker
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 2:11 PM said: Hashing ... but i guess he wants to protect the password needed to access the DB not a PW stored in the DB. Yes, this is what I am concerned about, access to the file by local users on the server.

RE: [PHP] Protecting database passwords

2004-06-30 Thread zeus
argh. just make the file readable by root and the user that runs apache/php and you're done. Which unfortunately is installation specific. I.e., if I am distributing a program and want to install a file which the user modifies to contain the passwords, I have to direct the user to manually

RE: [PHP] Protecting database passwords

2004-06-30 Thread Chris W. Parker
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] on Wednesday, June 30, 2004 4:15 PM said: How can I use a password hash to log on to a database server (or for any other login for that matter)? i apologize. i completely misunderstood your original post. in which case, i can think of only two

[PHP] Protecting database passwords

2004-06-29 Thread Bob Hockney
Hi there, I wrote a php script that accesses a database, and I am wondering about securing the password to the database. I could prompt the user for the password every session, but I don't necessarily want the user to have the password. Unless I'm missing something, any on-disk place I store