Some php applications store database passwords into files which can be read by the user www-data. So, a malicious user which can write php scripts could read those passwords. What should I do to prevent users from viewing those passwords?
You could encode your file(s) using something like the Zend Encoder. This turns them into byte code IIRC, so it's hard (not totally impossible I think) to get the clear text.
-- Richard Heyes http://www.websupportsolutions.co.uk Knowledge Base and HelpDesk software that can cut the cost of online support ** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
