Security of PHP Scripts

Anon

I have started coding in PHP and using MySQL and everything is really easy to understand and apply. Still there is one thing that worries me. I want to install a couple of scripts that have the input for the pass/id for the database through an external file where the variables are stored. How safe is that supposed to be? Everyone can just see the variable. OK you may setup a user who can only query the database and not alter it, but still I don't feel ok about it. What can I do about it?

Anon

(Assuming *nix/Apache running PHP as a module)
This is a common problem.
If you have a dedicated server:
Put the pass/id-file in a location outside the webservertree.
ie your homedir or /etc/httpd/db.conf.
This way PHP can reach it but you can't get it with at external webbrowser.

If your on a ipbased-virtualserver. Put the id/pass-file in your homedir. Ask the serveradmin to put the User and Group stuff into the httpd.conf so that the webserver run as your uid/gid (prob allready done). "chmod 700" on the id/pass-file.

The real problem starts when you have your site on a namebased-virtualserver.
Then you can't get the server to run as a seperate user for each domain.
Still if you trust the other users on the server. Put the id/pass-file outside the reach of a webbrowser-request and make the file readable to the webserver-user(nobody?).
The flaw in this is that any user on the server capable on writing a php-script can access the id/pass-file throw a simple "exec('cat /home/someuser/db.conf')"

If somebody has a good solution on how to suid the execution of a phpscript or running namebased virtualhosts as seperate users please let me know cause I really need it aswell.

Anon

what is different between ipbased-virtualserver and namebased-virtualserver.

Thanks in advance.

kalpesh

Anon

A quick not so technical explination:

Namebased: One IP/machine, the webserver deciedes wich server to act as by looking for the Host: tag in the HTTP/1.1-request from the browser.

IP-based: One IP/webserver, the machine has several ips. The webserver decides wich server to act as by looking at what IP-address the browser is connecting to.

Anon

I have found that using a first pass user password before allowing access to the DB works rather well.

You hard code some user_password info the script then use a form that posts to itself the user_name/password info. If the info is there it uses a second echo that holds the DB access stuff. If its not there it defaults to the sign in again. All information is parssed and its impossible to get to the DB without the password.