Re: How to avoid exposing connectstring?

From: Justin Koivisto (spam_at_koivi.com)
Date: 10/31/03

• Next message: Kevin Thorpe: "Re: How to avoid exposing connectstring?"
• Previous message: Justin Koivisto: "Re: array and for clarification."
• In reply to:(deleted message) James Henson: "How to avoid exposing connectstring?"
• Next in thread: Kevin Thorpe: "Re: How to avoid exposing connectstring?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Fri, 31 Oct 2003 15:45:06 GMT

James Henson wrote:
>
> I'm using a MySQL database from within some Perl and PHP cgi's.
> To make the connection, I have to supply the username/password
> in the connection string. This info is readable for anyone that
> can view my code, e.g. all other users that can access the
> webserver box directly. This because the cgi-program has to be
> readable for the user that's used by Apache.
>
> How can I avoid this? I can't have my own webserver, regrettably,
> other developers have access to this machine. Is there perhaps an
> Apache option that I can use to avoid public exposure of the
> connectstring?
>
> I have set up the database server so it only accepts connections
> from the webserver box, but that doesn't help with the above
> problem.
>
> Any pointers?

In httpd.conf, add this in your VirtualHost directive...

SetEnv SQL_HOST=localhost
SetEnv SQL_PASS=password
SetEnv SQL_USER=user

Then, make sure httpd.conf is chmod 600 and chown root.root

Now, in your scripts, access these variables via
<?php
     $host=$_SERVER['SQL_HOST'];
     $user=$_SERVER['SQL_USER'];
     $pass=$_SERVER['SQL_PASS'];
?>

I'm not sure how to go about it in perl, but it will likely be an
environment variable.

If the host won't chmod and chown httpd.conf, you have create a separate
file with the parameters in it, chmod 600, chown root.root that file
instead, and use an include in the VirtualHost directive.

Since it is in your VirtualHost directive, it is only valid for requests
to your domain name, and only the root user will be able to read the
file with the user and password.

-- 
Justin Koivisto - spam@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
              alt.php* groups are not recommended.

---

• Next message: Kevin Thorpe: "Re: How to avoid exposing connectstring?"
• Previous message: Justin Koivisto: "Re: array and for clarification."
• In reply to:(deleted message) James Henson: "How to avoid exposing connectstring?"
• Next in thread: Kevin Thorpe: "Re: How to avoid exposing connectstring?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: PHP under CGI Directory ... >trying open a connection to a MySQL database using mysql_connect. ... >MySQL module when they compiled PHP. ... They told me their server is ... (comp.lang.php) Alter Table newbie help needed ... ... Newbie - MAC - MAMP on port 8889 ... I have this connection to Mysql database called 'test' ... Other Php stuff works ok but now I'm trying to alter the table (never did ... (php.general) Re: Choosing PHP for large projects ... >> I used to do everything in Perl, then decided to learn PHP. ... > use PHP to access a MySQL database, ... Perl can spawn processes that you can control. ... (comp.lang.php) Re: Choosing PHP for large projects ... >> I used to do everything in Perl, then decided to learn PHP. ... > use PHP to access a MySQL database, ... Perl can spawn processes that you can control. ... (alt.php) Re: [PHP] Alter Table newbie help needed ... ... I have this connection to Mysql database called 'test' ... Other Php stuff works ok but now I'm trying to alter the table (never did ... (php.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)