I work for a government department that stores a fair amount of private data in a database. In an attempt to secure database access, we have created a database table that contains all of the database logins and passwords. We have also created a class called "db_connect.php" which contains the login and password for this database table and creates a database connection and returns a database resource with access to the requested database to the calling script. What this allows us to do is to just say:
<?php
require "db_connect.php";
$g_application = "testapp";
$db = DB_Connect::connect();
$db->query("blahblahblah");
?>
This is working perfectly; the only issue is that there are some security flaws in this. On the server (Linux) we have the file only readable by the webserver user itself, and only writable by the dba group (only two people in it). If a developer were to read the source using a PHP script on the same server, they could get the master login and password.
What I would like to do is build a PHP module that handles those database connections, but that seems like it would be way too much work. Can anyone think of any other solutions for this?
We're using Red Hat 5.x web servers, and Oracle 11g database servers. Each developer has SSH access to the servers (to roll things from dev -> test, as well as FTP access, managing their files, etc.).
Thanks!
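
The exposure described in the post, modeled as an added example (not part of the original post): a POSIX read check applied to db_connect.php with the permissions the post describes. It assumes developers' PHP scripts execute under the web server's UID (as with mod_php); every UID, GID and the octal mode 0420 are constructed values chosen to match the description.

```python
import stat

def can_read(mode, owner_uid, group_gid, uid, gids):
    """POSIX read check: only the first matching class (owner, group, other) is consulted."""
    if uid == 0:
        return True  # root bypasses the permission bits
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if group_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

# Constructed IDs (assumptions, not taken from the post)
APACHE_UID, APACHE_GID = 48, 48
DBA_GID = 500
DEV_UID, DEV_GID = 1001, 1001
DBA_UID, DBA_PRIMARY_GID = 1002, 1002

# db_connect.php as described: readable by the web server user only,
# writable by the dba group only -> owner r--, group -w-, other ---
CRED_FILE = {"mode": 0o420, "owner_uid": APACHE_UID, "group_gid": DBA_GID}

# Each principal is (uid, set of gids) for the process asking to read the file
PRINCIPALS = {
    "developer over ssh": (DEV_UID, {DEV_GID}),
    "developer's PHP script run by the web server": (APACHE_UID, {APACHE_GID}),
    "dba group member over ssh": (DBA_UID, {DBA_PRIMARY_GID, DBA_GID}),
}

def exposure_report(cred_file=CRED_FILE, principals=PRINCIPALS):
    """Map each principal to True if it can read the credentials file."""
    return {
        name: can_read(cred_file["mode"], cred_file["owner_uid"],
                       cred_file["group_gid"], uid, gids)
        for name, (uid, gids) in principals.items()
    }

if __name__ == "__main__":
    for name, readable in exposure_report().items():
        print(f"{'READABLE' if readable else 'denied  '}  {name}")
```

The kernel decides on the UID of the requesting process, not on who wrote the script, so any code the web server executes inherits read access to the file.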