Connect to ODBC without pw in Code 1

[kaeserea]

Dear all,

I use odbc_connect() to connect to a MS SQL database. Of course with that function I have to provide the password as a parameter. Now our company policy says, I should not have the password in code anymore.

Can anybody help? I have a windows server 2012 R2 with IIS and I already have a odbc connection to that MS SQL database established within the control panel. A system DSN, 64 bit, ODBC Driver 13 for SQL Server. (see attachment for a screenshot) So I thought I could maybe use that with the PHP, because the password is already in that system DSN and I would not have to type it into the PHP Code. Does anybody know how to do it?

Best wishes
Eva

 

[IPGuru]

To achive this the username & password must be stored somewhre thet the application can read them @ run time
For anything else the obvious place woud be the database

One option is for them to be stored in a file( out side of the web root!), preferably encrypted that the application can open & read.
I am sure there must be other solutions available & probably more secure.





Do things on the cheap & it will cost you dear

 

[spamjim]

our company policy says, I should not have the password in code

Your company is nuts. Passwords need to be stored somewhere.

I already have a odbc connection to that MS SQL database established within the control panel

That password is stored in code as well. You just don't know where to find it yet.

Your systems should be set up so that even if a password is exposed, your private data is not. That means locking down your database server so that it only accepts connections for that user from a specific IP address (configured via firewall and/or the user account settings).

Useful reading:

https://stackoverflow.com/questions/97984/how-to-secure-database-passwords-in-php

https://security.stackexchange.com/...ase-usernames-and-passwords-within-a-php-file