Participants
Howard Wells
Howard Wells
Adrian Klaver
Adrian Klaver
rob stone
rob stone
Attachments
Show all attachments
Thread Outline
#1Howard WellsHoward Wells
Sep 07, 2019
#2Adrian KlaverAdrian Klaverto Howard Wells (#1)
Sep 07, 2019
#3rob stonerob stoneto Howard Wells (#1)
Sep 08, 2019

How to access Postgres .pgpass file from php?

Started by Howard Wellsover 6 years ago3 messagesgeneral
Jump to latest
#1Howard Wells
Howard Wells
mr284@protonmail.com

I have my php files in the web root, and the Postgres 10 logon credentials are in the php file. I want to put them outside the web root for security, because a malicious robot could easily read the credentials.

After research, I found the .pgpass file. That looks like the ideal solution, but after even more research, I haven't found how to use that file from a php logon script.

Here is the section from my php script:

$dsn = vsprintf('pgsql:host=%s;port=%s;dbname=%s;user=%s;password=%s', [
'host' => '000.00.00.00',
'port' => '5432',
'dbname' => '[dbname]',
'user' => '[username]',
'password' => '[password]',
]);

Currently I store the real dbname, user and password in the php. My questions are:

1. How can I access it from the .pgpass file instead?

2. Where is .phpass loccated in Apache2 Ubuntu 18.04?

Thanks for any help with this.

Howard

#2Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Howard Wells (#1)
Re: How to access Postgres .pgpass file from php?

On 9/7/19 3:17 PM, Howard Wells wrote:

I have my php files in the web root, and the Postgres 10 logon
credentials are in the php file.  I want to put them outside the web
root for security, because a malicious robot could easily read the
credentials.

After research, I found the .pgpass file.  That looks like the ideal
solution, but after even more research, I haven't found how to use that
file from a php logon script.

Here is the section from my php script:

$dsn = vsprintf('pgsql:host=%s;port=%s;dbname=%s;user=%s;password=%s', [
    'host' => '000.00.00.00',
    'port' => '5432',
    'dbname' => '[dbname]',
    'user' => '[username]',
    'password' => '[password]',
]);

Currently I store the real dbname, user and password in the php.  My
questions are:

1. How can I access it from the .pgpass file instead?

I think what you are looking for is the connection service file:

https://www.postgresql.org/docs/11/libpq-pgservice.html

2. Where is .phpass loccated in Apache2 Ubuntu 18.04?

Information on where .pgpass can be:

https://www.postgresql.org/docs/11/libpq-pgpass.html

Thanks for any help with this.

Howard

--
Adrian Klaver
adrian.klaver@aklaver.com

#3rob stone
rob stone
floriparob@gmail.com
In reply to: Howard Wells (#1)
Re: How to access Postgres .pgpass file from php?

Hello Howard,

On Sat, 2019-09-07 at 22:17 +0000, Howard Wells wrote:

I have my php files in the web root, and the Postgres 10 logon
credentials are in the php file. I want to put them outside the web
root for security, because a malicious robot could easily read the
credentials.

After research, I found the .pgpass file. That looks like the ideal
solution, but after even more research, I haven't found how to use
that file from a php logon script.

Here is the section from my php script:

$dsn =
vsprintf('pgsql:host=%s;port=%s;dbname=%s;user=%s;password=%s', [
'host' => '000.00.00.00',
'port' => '5432',
'dbname' => '[dbname]',
'user' => '[username]',
'password' => '[password]',
]);

Currently I store the real dbname, user and password in the php. My
questions are:

1. How can I access it from the .pgpass file instead?

2. Where is .phpass loccated in Apache2 Ubuntu 18.04?

Thanks for any help with this.

Howard

We use pg_service.conf to hold the access credentials.
It's just pg_connect("service=sandbox") for example, where 'sandbox' is
the tag for the database you wish to access.
Using Debian it is kept in the /etc/php/7.3/apache2 path, where 7.3
represents the php version. It needs to be owned by the Apache user
which defaults to 'www-data'. Permissions are 0600.

HTH,
Robert

← Back to Topics