I have a PHP application that needs to connect to a Postgres database and I don't want to store the credentials in a config file outside the web tree, if I can help it. I installed the pgsql module.

I read this SO post and like the idea of putting them in httpd.conf.

I was wondering if anyone has figured out a way to store PostgreSQL db credentials in httpd.conf.

There are no predefined php.ini directives for PostgreSQL PHP module like there are for MySQL PHP module, as far as I can tell:

http://php.net/manual/en/ini.list.php

php_value mysql.default_user      myusername
php_value mysql.default_password  mypassword
php_value mysql.default_host      server

Thanks

  • I'm not aware that such options exist for PostgreSQL. What exactly are your objections against storing the settings in a config file? IMO storing them inside php_value settings may even be more dangerous; not sure, but will they be output by phpinfo()? If you don't want to store credentials at all, it's possible to set a 'trust' authentication for a user from the local machine; this way a local user doesn't have to provide a password (postgresql.org/docs/current/static/auth-methods.html). Commented Jan 28, 2013 at 19:39
  • As long as you don't set them as server environment variables, they won't show up in php.ini so I think I'm OK there. This is a remote connection so not sure if Postgres trusted auth would work. Commented Jan 28, 2013 at 19:42
  • Trusted connections are possible from a remote server and can be specified for a certain user and host/IP address; however, SSL certificate authentication may be more appropriate in that case. Commented Jan 28, 2013 at 19:49
  • I just tested setting the mysql.default_ settings in my php.ini and they DO appear in phpinfo() output: jsfiddle.net/MTPy9. OK, phpinfo() should never be present on your website, but still. Commented Jan 28, 2013 at 19:58
  • Well, that's not good... Commented Jan 28, 2013 at 20:18

1 Answer

You have a few options here.

  1. The best option, if you can do it, is to use certificate auth and a client certificate.

  2. The second best option if you can is to use a .pgpass file, which would store this in the home directory of the user that Apache runs as.

  3. Your third option is you could use mod_rewrite to set the PGUSER and PGPASSWORD environment variables. Note that this is pretty dangerous because anyone on the server could access the environment and learn the username and password.
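
Options 1 and 2 from the answer above, sketched in PHP as an added example that is not part of the original answer. The host, database, role and file locations are hypothetical, and the `passfile` keyword assumes libpq 10 or later. No password appears in PHP code, httpd.conf or php.ini, so nothing is exposed through phpinfo().

```php
<?php
// Added example. Host, database, role and file locations are hypothetical.

/** True if $path exists and grants no access to group or others (0600 or stricter). */
function is_private_file(string $path): bool
{
    $perms = @fileperms($path);
    return $perms !== false && ($perms & 0077) === 0;
}

/** Build a libpq keyword/value connection string, quoting every value. */
function pg_conninfo(array $params): string
{
    $parts = [];
    foreach ($params as $key => $value) {
        // libpq quoting: wrap in single quotes, backslash-escape ' and \
        $parts[] = $key . "='" . addcslashes((string) $value, "'\\") . "'";
    }
    return implode(' ', $parts);
}

/** Connect with a client certificate if one is present, otherwise via a .pgpass file. */
function connect_without_inline_password(string $secretsDir)
{
    $params = [
        'host'        => 'db.example.internal',
        'dbname'      => 'appdb',
        'user'        => 'appuser',
        'sslmode'     => 'verify-full',        // verify the server certificate and host name
        'sslrootcert' => "$secretsDir/root.crt",
    ];
    $key    = "$secretsDir/postgresql.key";
    $pgpass = "$secretsDir/.pgpass";           // lines of host:port:database:user:password
    if (is_private_file($key)) {
        // Option 1: client certificate; libpq rejects a key readable by group or others
        $params['sslcert'] = "$secretsDir/postgresql.crt";
        $params['sslkey']  = $key;
    } elseif (is_private_file($pgpass)) {
        // Option 2: password file; libpq ignores it if permissions are looser than 0600
        $params['passfile'] = $pgpass;
    } else {
        throw new RuntimeException('No client key or .pgpass with 0600 permissions found');
    }
    $conn = pg_connect(pg_conninfo($params));
    if ($conn === false) {
        throw new RuntimeException('PostgreSQL connection failed');
    }
    return $conn;
}
```

The directory passed in would typically be the home directory of the user Apache runs as. For the certificate path, the server's pg_hba.conf needs a `hostssl` entry using the `cert` method for that role.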
