[SOLVED] php script plaintext password

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

peewster
New php-forum User
New php-forum User
Posts: 11
Joined: Mon Oct 10, 2011 3:20 am

[SOLVED] php script plaintext password

Postby peewster » Mon Mar 26, 2012 1:52 am

Hi all,

i was wondering how i can setup php with apache the right way. I have installed both, and i need to run some scripts including bash scripts.

example:

Code: Select all

$amount=shell_exec("vmrun <options> <user> <password> > <file> | wc -l");

To do this i need to type a plaintext password for the user, but the file also must be readable for php, and therefore the file permissions are 644, this allows anyone to read the file including the password.

When i remove the read permissions, php cannot read the script.

Any suggestions ?
Last edited by peewster on Mon Mar 26, 2012 3:21 am, edited 1 time in total.

peewster
New php-forum User
New php-forum User
Posts: 11
Joined: Mon Oct 10, 2011 3:20 am

Re: php script plaintext password

Postby peewster » Mon Mar 26, 2012 3:21 am

Solved this by creating a password file for user and group apache only.

vmrun -p `cat /<path>/<to>/<passwordfile>`


Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: No registered users and 0 guests

cron