I have some problem with pg_connect()

Anon

Dears,
I have to connect to postgreSQL by using pg_connect() that it must fill option like this :
pg_Connect ("host=sheep port=5432 dbname=mary user=lamb password=baaaa")
You can see that I have to fill my db password, but I don't want anyone to see my password. Would you help me to avoid showing password like this.

Thank you for your kindness.

Nattiya

smarlowe

Well, first off. If the php engine is turned on, then the chances of someone seeing your password are close to zero, since the password will get read and interpreted by the php engine and never passed out to the browser. If you're worried about "accidents" revealing your password, then you can put it into an include file in another directory that isn't in the same path as your web files.

Check to see what your include path is by running phpinfo in a php script and looking for include path. On my computer it's:

./:/www/php_include

That means that ./ (the current directory) and /www/php_include are the two places php code looks for include files. Since /www/php_include is not in the same area as my web pages, it isn't viewable should anything go wrong and the server stop interpreting php code.

By putting sensitive things into php_include, I can make sure that my include files never get served raw. another trick is to put the .inc files in your home directory and tell apache to never serve those kinds of files. not sure of the syntax off the top of my head n that one.

Anon

Hey,
Simplest would be to have a config.inc file or somewhere in the code define a variable to store a it with the password.
The other option we follow is to house encrypted files in a small db with a secure port which autheticates only specific hosts, and retirve the decrypt passwords to remote connect.

kparker

The other option we follow is to house encrypted files in a small db
with a secure port which autheticates only specific hosts, and retirve
the decrypt passwords to remote connect.

We've done this, too. If you own the whole machine, you can easily
write some simple thing that uses unix-domain sockets, and thus is
inherently inaccessible over the network. For the truly paranoid,
have it prompt for the key on startup, which you supply via a
SSH session. (This of course means the server can't fully start
w/o manual intervention, but that's the price you pay for
paranoia^{H^{H^{H^{H^{H^{H^{H^{H^{H^H}}}}}}}}} security!)

Anon

Thank you all of you for your sugesstions.
I don't know what encrypt funtion should be uses because I see that most of it is one-way encryption which hard to decrypt. So I try to seperate password in an include file and change mode to read only by me. This can help me to protect also another users in my system form seeing my password. But I am not sure that it maybe have problem after do this.