Is there a way in which I can store some data (eg. mysql passwords) safely from other users on a website and retrieve it from php3/4?
The site is running php3 or php4 as an apache_module, and I need to provide separate mysql databases for each users inaccessible to all other users, so each user's data in the database is safe from other users. However the mysql passwords are need to be stored on the server somewhere, and then they are retrievable, if special means are not taken. I would be interested in these special means. Since apache modules run with the id of the webserver itself (www-data.www-data) therefore if the user passwords are stored in .php files, then they must be readable by www-data, and therefore they are retrievable (1. put on a php3 script which lists the public_html dir of the other user, 2. put on a php3 script which displays all the files of the other user's public_html, and there it is, 3. use this recursively to reach directly untraversable directories). I would not like to use php-cgi if it is not a necessity, due to the performance drop. Regards, Robert Varga