NYCPHP Meetup

NYPHP.org

[nycphp-talk] Where to store credentials and/or keys

Aaron Fischer agfische at email.smith.edu
Mon Aug 14 15:57:17 EDT 2006


> Aaron Fischer wrote:
> 
>>One issue is regarding where to store MySQL database credentials
> 
> [SNIP]
> 
>>I now have security books from Shiflett
> 
Chris Shiflett wrote:
> Check out Chapter 8. It's all about shared hosting and addresses this
> particular problem. It's also covered in the PHP Cookbook.
> 
> http://shiflett.org/articles/security-corner-mar2004
> 
> Hope that helps.
> 
> Chris
> 

Chris, thanks for the pointer, I just re-read that section of Chapter 8.

I haven't done Apache admin stuff and don't fully comprehend the 
VirtualHost block piece but I think I may understand the general idea.

Putting the include path in my block would ensure the $_SERVER variables 
are only accessible to PHP code that I run from my directories and 
wouldn't be available from PHP running from other directories on the server?

Also along those lines, if someone from another area of the server runs 
phpinfo() they won't see those $_SERVER vars?

I'm not sure how my admin has Apache set up, but I hope he's using 
VirtualHost blocks.  I also hope he knows what I'm talking about when I 
ask for this setup!  =)

-Aaron



More information about the talk mailing list