You could programmatically build the connection string in the php connection file, couldn't you? Have a line that sets a variable equal to the MD5 hashed value. Then, build the connection string, applying a call to a function that unhashes the password. That way, the password itself never appears in code. I don't know a thing about unhashing MD5 encrypted strings. Sorry I can't help you there. But, it sounds like you've already found that info. Good luck, Bob Sherer -----Original Message----- From: Jon-Eirik Pettersen [mailto:jonepet@xxxxxxxxx] Sent: Thursday, February 24, 2005 10:54 AM To: Gael Lams Cc: php-db@xxxxxxxxxxxxx Subject: Re: password in md5 to connect to mysql instead of clear password On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <g_lams@xxxxxxxxx> wrote: > Hi all > > I use the classic following rows to connect to a mysql > database. I always put $passsword in clear in the php > connection file and I wonder whether there is a way to > have it in md5 so that someone reading the file could > not use it to connect to the db. I googled a bit but > find only threads explaining how to have password > saved in md5 inside a mysql table which is not I would > like to do Because MySQL is using another password-hashing-algoritm other than MD5, as far as I know, it is not possible. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
