[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

secret data for php pages

Is there a way in which I can store some data (eg. mysql passwords) safely
from other users on a website and retrieve it from php3/4?

The site is running php3 or php4 as an apache_module, and I need to
provide separate mysql databases for each users inaccessible to all other
users, so each user's data in the database is safe from other users.

However the mysql passwords are need to be stored on the server
somewhere, and then they are retrievable, if special means are not taken.
I would be interested in these special means.

Since apache modules run with the id of the webserver itself
(www-data.www-data) therefore if the user passwords are stored in .php
files, then they must be readable by www-data, and therefore they are
retrievable (1. put on a php3 script which lists the public_html dir of
the other user, 2. put on a php3 script which displays all the files of
the other user's public_html, and there it is, 3. use this recursively
to reach directly untraversable directories).

I would not like to use php-cgi if it is not a necessity, due to the
performance drop.


Robert Varga

Reply to: