
Re: secret data for php pages



Robert Varga wrote:

> What I need is a way to provide separate mysql databases to all
> virtualhosts and webserver users, without a possibility for them to access
> each other's databases.

Create a unique database for each site.  Grant access to it from localhost
(and others if necessary) to a unique user.

GRANT ALL ON somedatabase.* TO someuser@localhost IDENTIFIED BY
'somepassword';

Adjust permissions as necessary of course ...

Store the mysql connection information in a PHP file in the webspace.  I
often create a file db_config.php3 and it looks like this:

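<?php
  // Connection settings for this site's own database account.
  $dbhost   = "localhost";
  $dbuser   = "someuser";
  $dbpasswd = "somepassword";
  // Open the connection once; scripts that include this file reuse it.
  mysql_connect ($dbhost, $dbuser, $dbpasswd) or
    die("Unable to connect to mysql server ($dbhost) ...");
?>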

Include that file at the beginning of every PHP script and you know that
you have a mysql connection available for use automatically.  Storing
within the webspace may not be ideal but if someone tries to access the
file directly through a browser the script is interpreted anyway and the
data isn't accessible (they will get a "document contains no data" error).

Make sure users cannot move up the "directory tree" when they login by
ftp.  "DefaultRoot ~" in proftpd.conf will take care of that.  Other FTP
servers should also have options for this.

My $0.02.

Fraser
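
A check for the isolation goal discussed above, as an added example that is not part of the original message: it reads SHOW GRANTS output and reports accounts that can reach a database belonging to another site, including through unescaped `_` and `%`, which MySQL treats as wildcards in database-level grants. The account names, database names and grant lines are constructed sample data.

```python
import re

# Matches the statements SHOW GRANTS prints, with or without identifier quoting.
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+[`']?(?P<db>[^`'.\s]+)[`']?\.\S+\s+"
    r"TO\s+[`']?(?P<user>[^`'@\s]+)[`']?@", re.IGNORECASE)

def db_pattern_to_regex(pattern):
    """Translate a GRANT database name: unescaped % and _ are wildcards."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # \_ or \% is a literal
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        out.append(".*" if ch == "%" else "." if ch == "_" else re.escape(ch))
        i += 1
    return re.compile("".join(out))

def audit_grants(grant_lines, owners):
    """Return (user, database, reason) for every grant that crosses sites.

    owners maps each database name to the single account allowed to use it.
    """
    findings = []
    for line in grant_lines:
        m = GRANT_RE.search(line)
        if not m or m["privs"].strip().upper() == "USAGE":  # USAGE = no privileges
            continue
        user, db = m["user"], m["db"]
        if db == "*":
            findings.append((user, "*", "global grant reaches every database"))
            continue
        rx = db_pattern_to_regex(db)
        for name, owner in owners.items():
            if owner != user and rx.fullmatch(name):
                findings.append((user, name, "can access database owned by " + owner))
    return findings

# Constructed sample data, not taken from a real server.
SAMPLE_OWNERS = {"shop_a": "alice", "shop_b": "bob", "shopXb": "erin"}
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'alice'@'localhost'",
    "GRANT ALL PRIVILEGES ON `shop\\_a`.* TO 'alice'@'localhost'",
    "GRANT ALL PRIVILEGES ON `shop_b`.* TO 'bob'@'localhost'",
    "GRANT SELECT ON `shop%`.* TO 'carol'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'dave'@'localhost'",
]
```

In the sample, bob's grant on `shop_b` is flagged because the unescaped underscore also matches the database shopXb; alice's grant is written as `shop\_a` and matches only her own database.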


