Mordred wrote: This is still a problem if there is a local file include vulnerability on the site. A better, more paranoid solution would be to keep the credentials in the environment, as proposed for example by Chris Shiflett here:
http://shiflett.org/articles/shared-hosting
Let me first thank you for the information before I comment and ask questions. This advice is very appreciated.
After taking a look at that link, let me summarize for anyone browsing the thread for information (correct me if I misunderstood any of it): it sounds like this is a vulnerability found in some shared hosting servers, and it sounds like a typical PHP coder would need specific access to Apache configuration to solve it (something only the host itself has access to), and that this solution could pose a security flaw if you accidentally make the mistake of using a function that outputs data from $_SERVER, including phpinfo(), meaning that you'd have to make sure you absolutely never let any user read the output of phpinfo() or similar functions.
So if you need Apache access to implement this solution, wouldn't it be difficult to do this, requiring you to contact your host and convince them to add your SetEnv directives to the Apache configuration (and restart the server so that the configuration changes are applied), and then go through the whole process every time you change your database username or password and also every time your hosting package is moved to another server? How likely is a typical host to be willing to go through all that trouble? (Dreamhost is the one I'm considering in the long term, and I hear their support is good, but I'm using another host until I need the extra bandwidth or until June of 2008 when the account is up.)
And if another user on the same hosting server executes phpinfo() (on his own hosting space), or a similar function, will the function have access to the environment variables in your hosting package, or are the environment variables separated?
All in all, I would like to apply this suggestion, but it sounds like it won't be easy, and could be impossible if my host doesn't cooperate.
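As an added illustration of the technique discussed in the thread (this is example code written for this page, not Shiflett's code and not from the original posts), the snippet below reads database credentials that Apache has placed in the environment with SetEnv, copies them into a local variable, and then scrubs them from $_SERVER, $_ENV and the process environment for the rest of the request. The names DB_USER and DB_PASS, the helper functions, and the putenv() calls that stand in for Apache's SetEnv so the script runs from the command line are all assumptions made for the example.

```php
<?php
// Added example, not from the original thread or from Shiflett's article.
// Assumes the host has configured the credentials with Apache's SetEnv, e.g.:
//   SetEnv DB_USER "app"
//   SetEnv DB_PASS "<real password>"
// Apache then exposes them to PHP via $_SERVER and the process environment.

declare(strict_types=1);

/** Read one required credential from the environment; fail closed if it is missing. */
function envCredential(string $name): string
{
    $value = $_SERVER[$name] ?? getenv($name);
    if ($value === false || $value === null || $value === '') {
        throw new RuntimeException("Required environment variable $name is not set");
    }
    return (string) $value;
}

/**
 * Copy the credentials into a local array, then remove them from $_SERVER, $_ENV
 * and the environment so that a later phpinfo(), var_dump($_SERVER) or debug page
 * executed in this same request cannot echo them back to a visitor.
 */
function loadDbCredentials(): array
{
    $creds = [
        'user' => envCredential('DB_USER'),
        'pass' => envCredential('DB_PASS'),
    ];
    foreach (['DB_USER', 'DB_PASS'] as $name) {
        unset($_SERVER[$name], $_ENV[$name]);
        putenv($name); // a name without "=" removes the variable from the environment
    }
    return $creds;
}

/** True if either credential can still be read from the request environment. */
function credentialsStillExposed(): bool
{
    foreach (['DB_USER', 'DB_PASS'] as $name) {
        if (isset($_SERVER[$name]) || isset($_ENV[$name]) || getenv($name) !== false) {
            return true;
        }
    }
    return false;
}

// --- constructed demo values standing in for Apache's SetEnv (CLI run only) ---
putenv('DB_USER=app');
putenv('DB_PASS=example-only');
$_SERVER['DB_USER'] = 'app';
$_SERVER['DB_PASS'] = 'example-only';

$creds = loadDbCredentials();
// Use the local copy to connect, for example:
// $pdo = new PDO('mysql:host=localhost;dbname=app', $creds['user'], $creds['pass']);
var_dump(credentialsStillExposed());
```

Two caveats that follow from the thread: the scrub only protects the remainder of the current request, since Apache re-injects the SetEnv values on every request, so a separate script that calls phpinfo() (for instance one reached through a file-include flaw) still sees them; the lasting control is therefore never letting a visitor view phpinfo() or a dump of $_SERVER, as the post above already notes. And SetEnv directives placed inside a <VirtualHost> block apply only to requests for that host, which is why the technique depends on the host's own Apache configuration rather than on anything a customer can put in a .htaccess file.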