The best way is to not store the password at all.
Store a hash of the password like this:
INSERT INTO users SET pass = MD5('password');Now not knowing how you authenticate those passwords this might not work.
If it's an internal web page via PHP all you do is MD5 the users supplied password and compare to you DB.
Dan Tappin (The other Dan T)
On Mar 1, 2005, at 5:09 PM, Rob Tanner wrote:
WE have a number of PHP webpages that access one of several MySql databases
and while the PHP files that contain the passwords cannot be accessed via the
web, we are becoming increasingly concerned over the possibility of other
webpage maintainers viewing those files. How have other folks protected
database passwords needed by PHP apps?
Thanks.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
