RE: [PHP-DB] hiding db password

2003-06-12 Thread Sallee, Helen
: Brent Baisley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 10:44 AM To: Sallee, Helen Cc: [EMAIL PROTECTED] Subject: Re: [PHP-DB] hiding db password I place all my access info in it's own directory that is not directly accessible via the web. I usually place this on the same lev

Re: [PHP-DB] hiding db password

2003-06-12 Thread Brent Baisley
I place all my access info in it's own directory that is not directly accessible via the web. I usually place this on the same level as the CGI directory, which is also not directly accessible. Typically this is one level up from your site directory. If the php module breaks, then includes and

Re: [PHP-DB] hiding db password

2003-06-12 Thread mike karthauser
on 12/6/03 3:48 pm, CPT John W. Holmes at [EMAIL PROTECTED] wrote: > From a web server perspective, though, this is > "safer" because if the web server ever broke and started serving PHP pages > as plain text (been there, done that), then at least no one can get to your > include file through your

Re: [PHP-DB] hiding db password

2003-06-12 Thread CPT John W. Holmes
> > > putenv("TWO_TASK=ORCL2"); > > putenv("ORACLE_HOME=/u01/home/oracle/product/9.2.0"); > > $conn = OCILogon("USER1","USER1PASS"); > > $query = OCIParse($conn,"select * from state"); > > OCIExecute($query); > > ?> > > > > Thank you > > Use an include file buried below your site root with > > $us

Re: [PHP-DB] hiding db password

2003-06-12 Thread Christophe Casalegno
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le Jeudi 12 Juin 2003 16:38, mike karthauser a écrit : > Then you should be able to do: > > Include"/path/to/pass.inc.php"; > > $conn = OCILogon("$user","$pass"); > > Which is more secure. I prefer user require_once mort than include for security re

Re: [PHP-DB] hiding db password

2003-06-12 Thread mike karthauser
on 12/6/03 3:31 pm, Sallee, Helen at [EMAIL PROTECTED] wrote: > putenv("TWO_TASK=ORCL2"); > putenv("ORACLE_HOME=/u01/home/oracle/product/9.2.0"); > $conn = OCILogon("USER1","USER1PASS"); > $query = OCIParse($conn,"select * from state"); > OCIExecute($query); > ?> > > Thank you Use an include fi

Re: [PHP-DB] hiding db password

2003-06-12 Thread Christophe Casalegno
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le Jeudi 12 Juin 2003 16:31, Sallee, Helen a écrit : > Hi, I'm new to PHP and need to know how I can completely hide Oracle > database password used in OCILogon call. Since all .php pages can be read > by www user, if the userid and password are coded