password encription in php
Hello,
i have a php appl that connects to a mysql db server, of curse i have to include the user and passwd, so far i have done it clear text... i would like to know how can i encript that user & passwd so nobody can see it if doing a cat, more or vi... i cant change the permission on the .php |
You can put the password in its own file and place that file in a directory that only the server has access to and don't allow directory browsing.
|
thanx...
i have the web server running with user1 from the group users. and the appl needs to be able to read that file anytime it must connect to the db, so i guess that user1 from the group users mut have read permissions on that file, and the user and passwd on the file stills are clear text... i need to know if i can encript the passwd on the file...so the people that makes vi, cat or more.... doesnt see the passwd |
How would you unencrypt the file? Another password? if so where would you keep that other password?
The only way to make it secure is for the user to provide the password, but if the users who have access to an editor don't have rights to the file then you are on the right track. |
This might give you some ideas:
http://simonwillison.net/2003/Apr/20/javascriptMD5/ The principle is that you encrypt information on both sides (server and client), send over the encrypted information and do a compare at the server side. jlinkels |
Quote:
|
All times are GMT -5. The time now is 05:59 PM. |