Ticket #36255

faq how to hide db-password from php script?

Opened: 2016-04-15 15:15 Last update: 2016-04-21 13:43

Evaluation:
Assignee: (None)
Status: Open
Component:
Milestone: (None)
Priority: 5 - Medium
Severity: 5 - Medium
Resolution: None
File: None

Details

I am creating a PHP web-app/web-service with MySQL database access that should become open source.

Currently I have to put 2 PHP variables, $dbuser=... and $dbpassword=..., into the script to connect to the OSDN database,

so everybody who gets the source code for the script will know my OSDN username/OSDN password.

What is the OSDN preferred way to handle this issue?

Since I do not have the permission to create database users like

 CREATE USER 'fdRatingUser'@'somehost.osdn.jp' IDENTIFIED BY '*******';
 GRANT SELECT ON fdappratingserv.knownApp TO 'fdRatingUser'@'somehost.osdn.jp';

I cannot add an additional database user that does not have my OSDN login credentials.

My proposal to solve this issue:

Every project gets two database users: one project-db-admin user that can create/modify tables and one additional project-db-webuser that can receive grants from the project-db-admin user.

It would be nice if this issue is documented in https://osdn.jp/projects/docs-en/wiki/ProjectWebDB_FAQ

Note: I cannot assign this ticket to a component because the component names are in Japanese and I do not speak Japanese.

Ticket History (2/2 Histories)

2016-04-15 15:15 Updated by: klaus3b
  • New Ticket "faq how to hide db-password from php script?" created
2016-04-21 13:43 Updated by: ishikawa
  • Type Update from Feature Requests to Support Requests
  • Component Update from (None) to その他 (Other)
Comment

Reply to klaus3b

I am creating a PHP web-app/web-service with MySQL database access that should become open source. Currently I have to put 2 PHP variables, $dbuser=... and $dbpassword=..., into the script to connect to the OSDN database, so everybody who gets the source code for the script will know my OSDN username/OSDN password. What is the OSDN preferred way to handle this issue?

You would set the correct permissions on these kinds of files to hide them (cannot be read) from non-project members.

For example, for project 'foo', target file 'bar':

  • The http daemon running on the project web server will execute the script as user: foo.p, group: foo, so the web script should be read by user foo.p or group foo. The script file should have user foo.p read permission or group foo read permission.
  • The file owner can read and write the file.
  • Other people should not be able to read the file 'bar'.

In this situation you can change the permissions of the file bar as below:

 chmod 640 bar
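
One way to check that the mode from the reply above is actually in effect, as an added example that is not part of the original ticket. The function names are hypothetical and the demo file is constructed; the checks only look at permission bits, not at who owns the file.

```shell
#!/bin/sh
# Added example (not from the ticket): verify the 640 layout on a secrets file.

# Print the octal permission bits of FILE (GNU stat first, then BSD stat).
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# check_secret FILE
# Returns 0 when owner or group can read and "other" has no access,
# 1 when the mode is too open or unreadable, 2 when FILE cannot be inspected.
check_secret() {
    file=$1
    [ -f "$file" ] || { echo "ERROR: $file is not a regular file"; return 2; }
    mode=$(mode_of "$file") || { echo "ERROR: cannot stat $file"; return 2; }
    bits=$((0$mode))    # leading 0 makes the shell parse the mode as octal
    if [ $((bits & 07)) -ne 0 ]; then
        echo "FAIL: $file mode $mode gives access to other users"
        return 1
    fi
    if [ $((bits & 0440)) -eq 0 ]; then
        echo "FAIL: $file mode $mode is readable by neither owner nor group"
        return 1
    fi
    echo "OK: $file mode $mode"
}

# harden_secret FILE: apply the mode from the ticket, then verify the result.
harden_secret() {
    chmod 640 "$1" && check_secret "$1"
}

# audit_secrets FILE...: check each file, return non-zero if any check fails.
audit_secrets() {
    failed=0
    for f in "$@"; do
        check_secret "$f" || failed=$((failed + 1))
    done
    echo "$failed file(s) need attention"
    [ "$failed" -eq 0 ]
}

# Demo on a constructed file named after the ticket's example ('bar').
demo_dir=$(mktemp -d)
printf '<?php $dbuser="..."; $dbpassword="...";\n' > "$demo_dir/bar"
chmod 644 "$demo_dir/bar"
audit_secrets "$demo_dir/bar" || harden_secret "$demo_dir/bar"
rm -rf "$demo_dir"
```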

Attachment File List

No attachments
