in reply to Securing your scripts on webhoster's server

Here's a simple one: set the password as an environment variable in your apache config file, and make the file readable only by you. The fact that the process is gonna setuid to user nobody (as is pretty common), is not an issue, because the config file is read before that happens.

This would, of course, not really help if you don't have your own apache process space (because, let's say, you and all of your peers are sharing port 80 via virtual hosts, and no reverse proxying -- ack!). Of course, if you don't have your own process space, then, really, how can you expect to have any kind of security at all?

I suppose, though, that in the case of not having your own process space at all, you could ask the server administrators to let you drop your own apache config section inside the <VirtualHost ...> block that applies to you, and then make use of the same idea. 

------------
:Wq
Not an editor command: Wq

[download]

In Section Meditations