database username and password encryption

padma

Hi,

I am using oracle to connect to my databases through php.

$db_conn = ociplogon("scott", "tiger", "DEMO");

The above line is coded in my php. I would like to avoid putting username and password in the php file.

How can I encrypt this information?

Thanks.

wilsonodk

Originally posted by padma
Hi,
I am using php to connect to my Oracle databases.
$db_conn = ociplogon("scott", "tiger", "DEMO");
The above line is coded in my php. I would like to avoid putting username and password in the php file.
How can I encrypt this information?
Thanks.

I don't know how to encrypt it. But I do know how you can increase the security of the information.

// In a seperate file outside of your web folder
// personal.php
$username = "scott";
$password = "tiger";

// In your file that is making the connection to the DB
@require([i]path to the file outside your web folder[/i]);
// Depending on how your web server is set up it will be something like:
// "/home/scott/personal.php"
// Make a persistent connection
$db = "DEMO";
$db_conn = OCIPLogon($username,$password,$db);

Putting the file outside your web folder means that no one can access the file from a browser. Using an at sign ("@") before the function calls it silently, so if their is a problem recieving it, no errors will generate. That way no one will learn the name of the file.

HTH

qwest

u did not specify which is Web server u r running

anyway if and only if it is Apache this is the way to secure login info

goto the folder where u have stored ur scripts.
create a file and name it as .htaccess
put this text into it without quotes
"<Files db-include.inc>
order allow,deny
deny from all
</Files>"
Save it, close it and create one more file...if u have guessed it...yup it is db-include.inc
insert this text again without quotes into this file

"<?php
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_NAME', 'instance');
?>"
6. save it n close it
7. Now open the php file in from which u r trying to connect to oracle and insert this line just after <?php (yup without quotes)
"require('./db-include.inc');"

now here is how u r goin to reference it from ur php code

<?php
.
.
.
OCILogon(DB_USER,DB_PASS,DB_NAME);
.
.
.
?>

i think that must do it.

Regardz
Qwest