[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secret data for php pages

Robert Varga wrote:

> What I need is a way to provide separate mysql databases to all
> virtualhosts and webserver users, without a possibility for them to access
> each other's databases.

Create a unique database for each site.  Grant access to it from localhost
(and others if necessary) to a unique user.

GRANT ALL ON somedatabase.* TO someuser@localhost IDENTIFIED BY

Adjust permissions as necessary of course ...

Store the mysql connection information in a PHP file in the webspace.  I
often create a file db_config.php3 and it looks like this:

  $dbhost   = "localhost";
  $dbuser   = "someuser";
  $dbpasswd = "somepassword";
  mysql_connect ($dbhost, $dbuser, $dbpasswd) or
    die("Unable to connect to mysql server ($dbhost) ...");

Include that file at the beginning of every PHP script and you know that
you have a mysql connection available for use automatically.  Storing
within the webspace may not be ideal but if someone tries to access the
file directly through a browser the script is interpretted anyway and the
data isn't accessible (they will get a "document contains no data" error).

Make sure users cannot move up the "directory tree" when they login by
ftp.  "DefaultRoot ~" in proftpd.conf will take care of that.  Other FTP
servers should also have options for this.

My $0.02.


Reply to: