Hide Database Password from the Server Admin
Posted: Fri Nov 13, 2009 4:54 am
I have been so interested in php security lately. I have been trying to figure out whether it is possible to hide database password from the server admin.
You know, normally you would write
mysql_connect("host", "username", "password");
Problem:
1. Admin can access to whatever file you placed the above.
Earlier I read that you can use setenv to create something like $_SERVER['NNTP_PASS']
misc_config.cnf
SetEnv NNTP_LOGIN "login"
SetEnv NNTP_PASS "passwd"
SetEnv NNTP_SERVER "1.2.3.4”
httpd.conf
<VirtualHost 1.2.3.4>
Include “misc_config.cnf”
</VirtualHost>
echo $_SERVER[‘NNTP_LOGIN’]; // login
echo $_SERVER[‘NNTP_PASS’]; // passwd
echo $_SERVER[‘NNTP_SERVER’]; // 1.2.3.4
Problems
1. I don't have access to httpd.conf (I am on shared hosting)
2. Admin can have access to misc_config.cnf
Please I need help, thanks.
You know, normally you would write
mysql_connect("host", "username", "password");
Problem:
1. Admin can access to whatever file you placed the above.
Earlier I read that you can use setenv to create something like $_SERVER['NNTP_PASS']
misc_config.cnf
SetEnv NNTP_LOGIN "login"
SetEnv NNTP_PASS "passwd"
SetEnv NNTP_SERVER "1.2.3.4”
httpd.conf
<VirtualHost 1.2.3.4>
Include “misc_config.cnf”
</VirtualHost>
echo $_SERVER[‘NNTP_LOGIN’]; // login
echo $_SERVER[‘NNTP_PASS’]; // passwd
echo $_SERVER[‘NNTP_SERVER’]; // 1.2.3.4
Problems
1. I don't have access to httpd.conf (I am on shared hosting)
2. Admin can have access to misc_config.cnf
Please I need help, thanks.