On Sat, Aug 20, 2011 at 6:22 AM, DealTek <dealtek@xxxxxxxxx> wrote: > Hello, > > NEWBIE: I have a security question: > > When working with PHP and MySQL, it seems that a one method is to create a > connection.php page to the database that will store the connection > parameters such as username, password and URL ip in clear text and include > this on various pages. > > Since hackers seem to be getting better and better every day: > > - Is this common practice to store this security data in the clear on the > PHP webpage? > > - Wouldn't it be possible for a hacker to SNIFF around and pick up this > sensitive "clear text" security data? > > - Is there some better, more secure way to communicate from the website to > the MySQL data source that is somehow sending encrypted information rather > than clear text back and forth? > > Thanks in advance for your help. > > You can encrypt the access credentails using some public key encryption technique like RSA and then decode it inside php before connecting to db... But still you have to store the private key in plain text somewere... OR may be you can use 'hard to guess substitution ciphers' [i dunno if tht exists] or create an encryption logic of your own and then use it to encrypt the dataabse uname and pass..... Regards Midhun Girish