[nycphp-talk] Where to store credentials and/or keys
Aaron Fischer
agfische at email.smith.edu
Mon Aug 14 15:57:17 EDT 2006
> Aaron Fischer wrote:
>
>>One issue is regarding where to store MySQL database credentials
>
> [SNIP]
>
>>I now have security books from Shiflett
>
Chris Shiflett wrote:
> Check out Chapter 8. It's all about shared hosting and addresses this
> particular problem. It's also covered in the PHP Cookbook.
>
> http://shiflett.org/articles/security-corner-mar2004
>
> Hope that helps.
>
> Chris
>
Chris, thanks for the pointer, I just re-read that section of Chapter 8.
I haven't done Apache admin stuff and don't fully comprehend the
VirtualHost block piece but I think I may understand the general idea.
Putting the include path in my block would ensure the $_SERVER variables
are only accessible to PHP code that I run from my directories and
wouldn't be available from PHP running from other directories on the server?
Also along those lines, if someone from another area of the server runs
phpinfo() they won't see those $_SERVER vars?
I'm not sure how my admin has Apache set up, but I hope he's using
VirtualHost blocks. I also hope he knows what I'm talking about when I
ask for this setup! =)
-Aaron
More information about the talk
mailing list