Ticket #36255

faq how to hide db-password from php script?

Date opened: 2016-04-15 15:15 Last updated: 2016-04-21 13:43

Reporter:
Owner:
(None)
Type:
Status:
Open
Component:
Milestone:
(None)
Priority:
5 - Medium
Severity:
5 - Medium
Resolution:
File:

Details

I am creating a PHP web-app/web-service with MySQL database access that should become open source.

Currently I have to put 2 PHP variables $dbuser=... and $dbpassword=... into the script to connect to the OSDN database

so everybody who gets the source code for the script will know my osdn-username/osdn password.

What is the OSDN preferred way to handle this issue?

Since I do not have the permission to create database users like

 CREATE USER 'fdRatingUser'@'somehost.osdn.jp' IDENTIFIED BY '*******';
 GRANT SELECT ON fdappratingserv.knownApp TO 'fdRatingUser'@'somehost.osdn.jp';

I cannot add an additional database user that does not have my osdn-login credentials.

My proposal to solve this issue:

Every project gets two database users: one project-db-admin user that can create/modify tables and one additional project-db-webuser that can receive grants from the project-db-admin user.

It would be nice if this issue were documented in https://osdn.jp/projects/docs-en/wiki/ProjectWebDB_FAQ

Note: I cannot assign this ticket to a component because the component names are in Japanese and I do not speak Japanese.

Ticket History (2/2 Histories)

2016-04-15 15:15 Updated by: klaus3b
  • New Ticket "faq how to hide db-password from php script?" created
2016-04-21 13:43 Updated by: ishikawa
  • Component Update from (None) to その他 (Other)
  • Type Update from Feature Requests to Support Request
Comments

Reply to klaus3b

I am creating a PHP web-app/web-service with MySQL database access that should become open source. Currently I have to put 2 PHP variables $dbuser=... and $dbpassword=... into the script to connect to the OSDN database so everybody who gets the source code for the script will know my osdn-username/osdn password. What is the OSDN preferred way to handle this issue?

You would set the correct permissions on these kinds of files to hide them (cannot be read) from non-project members.

For example for project 'foo', target file 'bar'

  • The HTTP daemon running on the project web server will execute the script as user: foo.p, group: foo, so the web script should be readable by user foo.p or group foo. The script file should have user foo.p read permission or group foo read permission.
  • The file owner can read and write the file.
  • Other people should not be able to read the file 'bar'.

In this situation you can change the permissions of the file bar as below:

 chmod 640 bar

Attachment File List

No attachments
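One way to check and apply the permission described in the reply above, as an added example that is not part of the original ticket or OSDN's own tooling. The function names and the temporary demo file are assumptions, and the file's group is assumed to already be the project group (foo in the reply).

```sh
#!/bin/sh
# Added example: audit and fix the mode of a file that holds DB credentials.
# "bar" follows the reply's naming; the demo file below is constructed.

# Print the 9 permission characters of a file, e.g. rw-r-----
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Return 0 when "other" has no access at all and the owner or the group
# can still read the file (what chmod 640 gives), 1 otherwise,
# 2 if the file cannot be inspected.
secret_is_hidden() {
    perms=$(perm_string "$1") || return 2
    owner=$(printf '%s' "$perms" | cut -c1-3)
    group=$(printf '%s' "$perms" | cut -c4-6)
    other=$(printf '%s' "$perms" | cut -c7-9)
    [ "$other" = "---" ] || return 1
    case "$owner$group" in
        r*|???r*) return 0 ;;   # owner-read or group-read is set
    esac
    return 1
}

# Apply the reply's chmod 640 only when needed, then re-check the result.
lock_down() {
    secret_is_hidden "$1" && return 0
    chmod 640 "$1" && secret_is_hidden "$1"
}

# Constructed demo: a world-readable credentials file, before and after.
demo() {
    dir=$(mktemp -d) || return 1
    printf '<?php $dbuser="example"; $dbpassword="example";\n' > "$dir/bar"
    chmod 644 "$dir/bar"
    secret_is_hidden "$dir/bar" ||
        echo "before: $(perm_string "$dir/bar") readable by others"
    lock_down "$dir/bar" &&
        echo "after:  $(perm_string "$dir/bar") hidden from others"
    rm -rf "$dir"
}
demo
```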
