[linux-help] Re: Linux Apps
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Fri, 8 Dec 2000, Steven Saner wrote:
> A concern I have that maybe someone has dealt with, is running PHP with
> Postgres (or MySQL) on a server used by muliple people/customers,
> whatever. You can set up a seperate database on the Postgres/MySQL
> server for each customer, but how do you keep one customer from
> messing with another customer's database. You can put a password on
> the database, but how do you store the password in a secure fashion so
> your PHP script can send it to the backend when you try to make a
> connection?
maybe this is over-simplified, but could you store the db passwd as an
encoded string and use the base64_decode() function to read it? granted,
you'd have to first use the base64_encode() function to get the encoded
string to store, but that's not hard... i use this in one of my script to
base64-encode an e-mail address and use it as part of the URL
(...?Reply=<encode_string>) so that i can send the URL to someone and
retrieve/decode the e-mail address from $HTTP_GET_VARS without the
customer ever knowing what the e-mail address is...
another way you could do it is prompt for a passwd, then encript it and
compare it to a stored encrypted passwd (there's some function that
encrypts a string that cannot be decrypted w/ a PHP function)...
just some thoughts...
--
Jesse Kaufman | WebSurf Internet Access
Administration / Web Development | www.websurf.net
glandix@xxxxxxxxxxx | Ph: 316.945.7873
www.linuxfreak.com/~glandix | Fax: 316.946.9944
--
<<< Vim is a REAL man's text editor. I don't know why anyone else would
even bother with sissy programs like emacs, or even worse... pico! >>>
-- This is the linux-help@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
|
|