Avoid Typing Passwords In my Scripts

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
ashosheh
Forum Newbie
Posts: 3
Joined: Sun Jan 01, 2006 9:00 am

Avoid Typing Passwords In my Scripts

Post by ashosheh »

hi all ....
I connect to oracle database from my script, but i don't want to write the database username & password explicitly in the script (eg. ora_connect($username,$password))
what i'm thinking of is to make the database administrator set the username and the password and put them in the memory, so all scripts can see them.
the question is (HOW???)
i tried to use getenv() and putenv() but didn't work.

please help me.
thanx in advance
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

If you're worried about other's viewing the source and getting the user and pass, then you might want to think about the fact that anyone who gets access like that could also modify the file to echo both variables.
User avatar
shiflett
Forum Contributor
Posts: 124
Joined: Sun Feb 06, 2005 11:22 am

Re: Avoid Typing Passwords In my Scripts

Post by shiflett »

ashosheh wrote:I connect to oracle database from my script, but i don't want to write the database username & password explicitly in the script
I prefer the solution mentioned near the end of this article:

http://shiflett.org/articles/security-corner-mar2004

Hope that helps.
Post Reply