473,320 Members | 1,861 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

access to the file containing passwords

258 100+
Hi
I have saved all my database password in a file called configure.php in a folder. Which users should I allow to access this file and which ones should I not?
Expand|Select|Wrap|Line Numbers
  1. +--------------------------------+
  2. |----------| Read |Write|Execute |
  3. +--------------------------------+
  4. |Owner     |      |     |        |
  5. +--------------------------------+
  6. |Group     |      |     |        |
  7. +--------------------------------+
  8. |all users |      |     |        |
  9. +--------------------------------+
  10.  
Oct 4 '07 #1
9 1448
ak1dnar
1,584 Expert 1GB
Which users should I allow to access this file and which ones should I not?
Great you are asking it from us ! Why you need to store the DATABASE passwords on a ".php" file?
Oct 4 '07 #2
bnashenas1984
258 100+
Hi
Here is an example.. When I use the code below
Expand|Select|Wrap|Line Numbers
  1. mysql_connect(Host, Username, Password);
  2.  
I can't just write my username and password. I may use this code more than 100 times in my scripts.. So it's better to use variables and put them in a file and then include the file whenever i need to connect to mysql. So I put my username and password in a file but i don't know which users should be allowed to access this file

Thanks for the reply
Oct 4 '07 #3
pbmods
5,821 Expert 4TB
Heya, bnashenas1984.

Or you can put the code to connect to the database in one file and then include it when you need to access it.

Have a look at this article.
Oct 4 '07 #4
ak1dnar
1,584 Expert 1GB
Hi
Here is an example.. When I use the code below

mysql_connect(Host, Username, Password);

I can't just write my username and password. I may use this code more than 100 times in my scripts.. So it's better to use variables and put them in a file and then include the file whenever i need to connect to mysql. So I put my username and password in a file but i don't know which users should be allowed to access this file

Thanks for the reply
The most secure way is, put your file out side the "web root" Then, from Php Application Level you can access this file. public users can't access it.
Oct 5 '07 #5
bnashenas1984
258 100+
Hi
Thanks for your replys. Thats a good idea to put the file outside the root but how can i access it myself? I mean what address should i use to access this file with a PHP script inside the root?

Thanks again
Behzad
Oct 5 '07 #6
pbmods
5,821 Expert 4TB
Heya, Behzad.

When you use include() or require(), you can specify a filesystem path.

Add this code to your main inc file:
Expand|Select|Wrap|Line Numbers
  1. ini_set( 'include_path', '/path/to/protected/folder:' . ini_get('include_path') );
  2.  
  3. require 'protectedFile.php';
  4.  
Oct 5 '07 #7
bnashenas1984
258 100+
Thank you pbmod for the reply
The code you sent seems to be useful but the problem is that I'v alrealy finished my scripts and I have used (include) function more than 100 times. So I don't think I can change my include directory easily. I think It's better to just move the file containing passwords outside the root.. The only thing I don't know is what address I have to use to access the file outside the root ( in a php file inside the root )
Oct 5 '07 #8
ak1dnar
1,584 Expert 1GB
Thank you pbmod for the reply
The code you sent seems to be useful but the problem is that I'v alrealy finished my scripts and I have used (include) function more than 100 times. So I don't think I can change my include directory easily. I think It's better to just move the file containing passwords outside the root.. The only thing I don't know is what address I have to use to access the file outside the root ( in a php file inside the root )
From a standard web browser, there is no way to access any file which resides out side the public web root. Why you need to access the file anyway? the require() or include() functions will do the job for you. Once you include your protected file in to a page which is inside the public web root, you can call to the public file, then internally that file will call for the protected file.

public_file.php

Expand|Select|Wrap|Line Numbers
  1. require 'path_to_protected_file';
  2. echo 'This file contains a protected file too';
  3.  
Oct 6 '07 #9
bnashenas1984
258 100+
Thanks for sharing your informations
It helps all the time
Oct 7 '07 #10

Sign in to post your reply or Sign up for a free account.

Similar topics

2
by: John J. Hughes II | last post by:
I am having some major problem with maintaining security for my windows application to the SQL. Currently my application access the SQL using System.Data.SqlClient and all forms use stored...
7
by: dog | last post by:
I've seen plenty of articles on this topic but none of them have been able to solve my problem. I am working with an Access 97 database on an NT4.0 machine, which has many Access reports. I...
11
by: Grasshopper | last post by:
Hi, I am automating Access reports to PDF using PDF Writer 6.0. I've created a DTS package to run the reports and schedule a job to run this DTS package. If I PC Anywhere into the server on...
2
by: TechBoy | last post by:
I am trying to learn on the fly about Access Security for an app we are developing. I realize Access security is an advanced subject with many details. I wanted to share a scenario and ask a...
4
by: James | last post by:
I have a VB windows forms application that accesses a Microsoft Access database that has been secured using user-level security. The application is being deployed using No-Touch deployment. The...
6
by: Notgiven | last post by:
I am considering a large project and they currently use LDAP on MS platform. It would be moved to a LAMP platform. OpenLDAP is an option though I have not used it before. I do feel fairly...
26
by: codercode | last post by:
I'm working on a Visual Basic .NET using Access database. However, my client already have a 30MB database with Sybase ASA and Sybase is way too much for that. Is there anyway I can migrate from a...
2
by: JMG | last post by:
Hi All, I have no idea if this is the correct place to post this question, but I'm hoping so :). My problem is that I have a text file containing 5 sets of passwords on a single line space...
2
by: Emmi | last post by:
Once again on the db I have inherited... I have read numerous posts about how to set up security in access and have printed out the step by step instructions I found a link for from another post...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.