secret data for php pages

To: debian-user@lists.debian.org
Cc: debian-isp@lists.debian.org
Subject: secret data for php pages
From: Robert Varga <robi@piros.zold.net>
Date: Wed, 7 Jun 2000 19:46:29 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.3.96.1000607193615.31867A-100000@piros.zold.net>

Is there a way in which I can store some data (eg. mysql passwords) safely
from other users on a website and retrieve it from php3/4?

The site is running php3 or php4 as an apache_module, and I need to
provide separate mysql databases for each users inaccessible to all other
users, so each user's data in the database is safe from other users.

However the mysql passwords are need to be stored on the server
somewhere, and then they are retrievable, if special means are not taken.
I would be interested in these special means.

Since apache modules run with the id of the webserver itself
(www-data.www-data) therefore if the user passwords are stored in .php
files, then they must be readable by www-data, and therefore they are
retrievable (1. put on a php3 script which lists the public_html dir of
the other user, 2. put on a php3 script which displays all the files of
the other user's public_html, and there it is, 3. use this recursively
to reach directly untraversable directories).

I would not like to use php-cgi if it is not a necessity, due to the
performance drop.

Regards,

Robert Varga

Reply to:

Follow-Ups:
- RE: secret data for php pages
  - From: "Sean 'Shaleh' Perry" <shaleh@valinux.com>
- Re: secret data for php pages
  - From: Christian Hammers <ch@westend.com>

Prev by Date: Re: files/dirs under /var/www/
Next by Date: RE: secret data for php pages
Previous by thread: Re: problem with cfdisk
Next by thread: RE: secret data for php pages
Index(es):
- Date
- Thread