Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


php require_once() with a remote file [php 5.0, Windows Server 2003]

Posted on 2010-01-12
Medium Priority
Last Modified: 2013-12-13
Hey folks,

I have a remote (hosted) windows server 2003 that is our primary development test web server. On a local machine here at the office, Windows XP Pro, I want to include a remote file in a php script with the database credentials so the local user can interact with the db, but never see the username/password.

Something like this:

<?php require_once("http://www.domain.com/databaselogin.php"); ?>

I have allow_url_include directive set to On in php.ini, but I still seem unable to include the remote file. I was thinking perhaps permission/connection issues on the remote server, but I'm able to include the file properly in plain text (.txt) form and it works. Is it simply that I'm unable to include .php extension files from a remote location for rendering reasons? If so, is there another, secure way to maintain credentials remotely without giving local users access to them?

Question by:jmoriarty
  • 4
  • 2
LVL 11

Expert Comment

ID: 26300206

"but I'm able to include the file properly in plain text (.txt) form and it works"

When you include the php file, you are not really including the php code, you are including the result of all that code, I mean all the information "echoed" for the script. If you want to get some remote connection parameter you will need to learn about Web Services,

but anyway, seems that the file that you are trying to include is a connection to a DB, possibly a DB that is in that remote server too, so, A better way is set the connection to the remote DB directly in your host... =P

I mean, you create your DB connection file, and host it in the same server that the rest of your application, but in that DB connection script you set up the connection to the remote DB in the remote server.. ;)


Author Comment

ID: 26300252
Actually, the db resides on a 3rd server, I should've specified more clearly; and I was trying to mask the DB credentials entirely off the local machine to only an interface. A WSDL/web service is a viable option, I was trying to do something "quick and dirty". The setup is basically (local machine) -> remote web server -> database server. I want the local machine to be able to connect to the remote database without allowing someone to simply open the php file on the local machine in a text editor and see the database credentials, if that makes sense.

And good point about the plain text.
LVL 11

Accepted Solution

VanHackman earned 2000 total points
ID: 26300415

"I want the local machine to be able to connect to the remote database without allowing someone to simply open the php file on the local machine in a text editor and see the database credentials, if that makes sense."

Yeah, it makes sense, I have had the same need before.
And the best way to do it is implementing a web service.

Anyway, as you need something "quick and dirty".

I would suggest you a tricky solution:

You can set up your DB connection file in the remote server to check up the IP of the incoming requests, if the IP is equal to the IP of the host with your application, your script will print out all the code for the DB connection.

I know that some one here will shout like a crazy saying that it is dangerous, because some hacker can supplant the host's IP,  I already know that and I am just suggesting a way to do it, but you can (and must) take some extra security preventions like make the transaction over a secure protocol or using SSL directly, or even posting some credential to your DB connection script in order to identify yourself before it show the information, but that way will start to convert the system in a Web Services and you already said that you need something simple... xD

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 32

Expert Comment

ID: 26300650
If you're trying to keep people from seeing unencrypted credentials, there might be an easier way.

You can use base64_encode and decode along with the eval statement to encrypt your data.

The concept is relatively simple. See code below
$code_to_be_extreemly_well_encrypted = 'print \'Hello World\';';
print '<?php eval(base64_decode(\'' . base64_encode($code_to_be_extreemly_well_encrypted) . '\'));?>';

Open in new window

LVL 11

Expert Comment

ID: 26305659
Well, I think that Obfuscate the code will be a better approach that only encrypt the credentials.

Author Closing Comment

ID: 31676481
Great ideas; thanks for the help, and apologies for the long delay in response.
LVL 11

Expert Comment

ID: 26333739

Thanks for the points!.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question