Re: PHP shell commands

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Lucas Prado Melo wrote:

Hello,
Some php applications store database passwords into files which can be
read by the user www-data.
So, a malicious user which can write php scripts could read those passwords.
What should I do to prevent users from viewing those passwords?


Not too much really.

The webserver needs to be able to read a config file.
You could obfuscate the fields/entries or encrypt them somehow, but it needs to be a two-way encryption (ie you're going to need to undo the encryption to be able to use the password). 

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux