And the good Lord saw that clear was bad and gave us ssh... If you care that much build an ssh tunnel to the db server and talk over that. -----Original Message----- From: Jason Wong [mailto:php-general@xxxxxxxxxxxx] Sent: 20 December 2004 17:29 To: php-general@xxxxxxxxxxxxx Subject: Re: Using encrypted passwords On Tuesday 21 December 2004 00:03, symbulos partners wrote: > is it possible to use encrypted passwords in php files, for connecting > to a database? > > We do not like too much the idea of the password being in clear text. > > Example > $link = mysql_connect('localhost', 'mysql_user', 'mysql_password'); > > 'mysql_password' should be encrypted Why? It's not going to offer any protection. If I know your encrypted password and am able to access your database using it there is no reason for me to know what your cleartext password is. In other words if I am able to read the file containing your password (whether encrypted or cleartext) then I can access your database. ________________________________________________________________________ This message has been checked for all known viruses by the CitC Virus Scanning Service powered by SkyLabs. For further information visit http://www.citc.it ___ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
