LinuxQuestions.org


javier_ccs 03-08-2007 05:13 PM

password encryption in php
 
Hello,

I have a PHP application that connects to a MySQL db server; of course I have to include the user and passwd, and so far I have done it in clear text...

I would like to know how I can encrypt that user & passwd so nobody can see it when doing a cat, more or vi...

I can't change the permissions on the .php

graemef 03-09-2007 03:02 AM

You can put the password in its own file and place that file in a directory that only the server has access to and don't allow directory browsing.

javier_ccs 03-09-2007 06:38 AM

Thanks...

I have the web server running with user1 from the group users.

And the application needs to be able to read that file any time it must connect to the db, so I guess that user1 from the group users must have read permissions on that file, and the user and passwd in the file are still clear text...

I need to know if I can encrypt the passwd in the file... so the people that run vi, cat or more... don't see the passwd

graemef 03-09-2007 09:56 PM

How would you unencrypt the file? Another password? If so, where would you keep that other password?

The only way to make it secure is for the user to provide the password, but if the users who have access to an editor don't have rights to the file then you are on the right track.
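
The approach graemef describes in the two posts above (a separate credentials file that only the server account can read), as an added PHP example that is not part of the original thread. The function name `load_db_credentials`, the INI layout and the temporary paths are assumptions; the sample credentials are constructed.

```php
<?php
// Added example: load DB credentials from a file outside the web root and
// refuse to use it unless only the web server account can read it.
// load_db_credentials() and the INI layout are hypothetical names.

function load_db_credentials(string $path, string $docroot): array
{
    $real = realpath($path);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException("credentials file not found");
    }
    // The file must not sit under the document root, where a misconfigured
    // server could hand it out as plain text.
    $root = realpath($docroot);
    if ($root !== false && strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) === 0) {
        throw new RuntimeException("credentials file is inside the web root");
    }
    // Any group/other permission bit means other local users could cat it.
    if ((fileperms($real) & 0077) !== 0) {
        throw new RuntimeException("credentials file is accessible to group or others");
    }
    // It must belong to the account PHP runs as (user1 in the thread).
    if (fileowner($real) !== posix_geteuid()) {
        throw new RuntimeException("credentials file is not owned by the server account");
    }
    $cfg = parse_ini_file($real);
    if ($cfg === false || !isset($cfg['user'], $cfg['password'])) {
        throw new RuntimeException("credentials file is malformed");
    }
    return $cfg;
}

// Constructed sample data in temporary locations so this runs offline.
$docroot = sys_get_temp_dir() . '/demo_docroot_' . getmypid();
mkdir($docroot, 0755);
$file = tempnam(sys_get_temp_dir(), 'dbcred');
file_put_contents($file, "user = \"appuser\"\npassword = \"example-only\"\n");

foreach ([0644, 0600] as $mode) {
    chmod($file, $mode);
    clearstatcache();
    try {
        $cfg = load_db_credentials($file, $docroot);
        printf("%04o: accepted, would connect as %s\n", $mode, $cfg['user']);
    } catch (RuntimeException $e) {
        printf("%04o: rejected (%s)\n", $mode, $e->getMessage());
    }
}
unlink($file);
rmdir($docroot);
```

The checks only confirm the file-permission boundary; anyone who can run code as the server account can still read the file, which is the limit graemef points out.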

jlinkels 03-10-2007 08:19 AM

This might give you some ideas:

http://simonwillison.net/2003/Apr/20/javascriptMD5/

The principle is that you encrypt information on both sides (server and client), send over the encrypted information and do a compare at the server side.

jlinkels

graemef 03-10-2007 11:46 PM

Quote:

Originally Posted by jlinkels
The principle is that you encrypt information on both sides (server and client), send over the encrypted information and do a compare at the server side.

That's fine for when the client is logging into the server, but the database password is normally different, and MySQL expects the password to be in plain text (as far as I am aware). Remember, MD5 is a one-way translation. But this idea works well with client-to-server authentication.


All times are GMT -5.