I. Gray wrote:
I looked at my banks T&Cs and it says don't use software that stores your password unless it is used by a specific banking service.
You might like to send them an email to clarify; as a general rule your bank manager is the kind of person you least want to piss off ;)
I am going to look into the curl functions, but I am pretty sure that the bank won't let it work unless it thinks it is a proper browser like IE or Firefox, so can I change the useragent for this? If so, how do I do that?
Send the User-Agent header using the CURL function for setting a header ( not sure exactly what it is, but it's in the curl docs http://php.net/curl ) containing whatever User-Agent string you wanted; just copy-pasting a Firefox or IE one would usually work fine.
My other concern is storing my password details. I could store them on a MYSQL database and encrypt it, but I just want to make sure that it is as secure as poss.
If you encrypt the password then your script has to know the key to decrypt it and the place to find the encrypted password, so it might as well just know the password...
If it's run by a cronjob then you could run it as root, chown it to root and chmod it to 700 which would only allow root to read it. Then the password should be safe inside the script.
Doesn't this mean you'll be storing your password, just as their T&Cs prohibit? :)
-- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
