Page 1 of 1

Encrypting Parts of code ??

Posted: Mon Jan 24, 2005 8:51 am
by alix
I have to host files on one server.. that other people have access to, but use a MySQL database on my server. I cant have people get into the database itself.. is there a way i can encrypt the mysql_connect() information?

or should I host a single file say database.php and use the include() function to call it from their server?

Posted: Mon Jan 24, 2005 8:53 am
by feyd

Posted: Mon Jan 24, 2005 8:56 am
by alix
That would do it.. but i dont have $1,000.. lol Thanks though

Posted: Mon Jan 24, 2005 1:19 pm
by CyberSpatium
Create a new text file and enter your mysql server userid and pass info:

Code: Select all

SetEnv DB_USER “your_username”
   SetEnv DB_PASS “your_password”
Save this flle and give it name, such as db_info. When you save it, make sure you save it outside your document root. So, for example, if your server path it:

Code: Select all

/user/www/domain.com/public_html
then create a new directory (for this example, I made new directory called inc) and save the file in the new directory:

Code: Select all

/user/www/domain.com/inc
Now, you need to edit your httpd.conf file, and add this line:

Code: Select all

Include “/user/www/domain.com/inc/db_info”
Now, to use your userid and password in your scripts use:

Code: Select all

UserID: $_SERVERї'DB_USER']
   Password: $_SERVERї'DB_PASS']
This makes your scripts more secure now because you never have to use your userid and password in any of you scripts. And you dont have to include anything as well, so even if someone was able to get your source code, they would not get your mysql userid and pass. And your db_info file is outsite of your document root path and is not acceable to outside users. Just be carefull not to use phpinfo() or print_r($_SERVER) as it will expose your userid and password variables.

Posted: Mon Jan 24, 2005 2:37 pm
by timvw
more on that solution can be read here: http://shiflett.org/articles/security-corner-mar2004

Posted: Mon Jan 24, 2005 2:54 pm
by alix
Thanks alot guys, i've got some learning to do... This all should help. :)