Bastien Koert wrote:
> store your password/access credentials outside the web root and use php
> to read the data in.

This is good for web attacks, but I'm thinking of an account break-in where someone is accessing files directly on the server.

> Another alternative is to wrap those items in a
> function and check the calling source to make sure it's only your
> application

How would you do this?

Thanks,
Roberto

>> From: Roberto Mansfield <robertom@xxxxxxxxxxxxx>
>> To: php-db@xxxxxxxxxxxxx
>> Subject: database password
>> Date: Tue, 03 Apr 2007 09:39:32 -0400
>>
>> Howdy all,
>>
>> Just wondering what -- if anything -- people are doing to protect
>> plaintext database passwords in their PHP scripts. Ultimately, PHP needs
>> a plaintext password to create the database connection, so it seems that
>> obfuscation is the best we can achieve on this front. While not really
>> secure by itself, obfuscation along with other measures (firewall,
>> privilege separation, file system privileges, etc) can help slow someone
>> down. So I've been looking into this approach at the moment. Any other
>> ideas out there?
>>
>> Thanks,
>> Roberto
>>
>> --
>> PHP Database Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
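
An added example, not part of the thread: one way to combine the "outside the web root" suggestion with the file system privileges mentioned in the original question. The function name `load_db_credentials`, the INI keys and the demo directory layout are assumptions made for illustration, and the permission check assumes POSIX file modes.

```php
<?php
declare(strict_types=1);

// Added example. Function name, file layout and INI keys are assumptions.
function load_db_credentials(string $path, string $docRoot): array
{
    $real = realpath($path);               // resolves symlinks and ../
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_file($real)) {
        throw new RuntimeException('credentials file or document root not found');
    }
    // Reject a file the web server could be asked to serve.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $root, strlen($root)) === 0) {
        throw new RuntimeException('credentials file is inside the web root');
    }
    // Reject a file that group or other can read, write or execute (POSIX modes).
    clearstatcache(true, $real);
    if ((fileperms($real) & 0077) !== 0) {
        throw new RuntimeException('credentials file is accessible to group/other');
    }
    $cfg = parse_ini_file($real, false, INI_SCANNER_RAW);
    foreach (['host', 'name', 'user', 'password'] as $key) {
        if (!is_array($cfg) || !isset($cfg[$key])) {
            throw new RuntimeException("missing key: $key");
        }
    }
    return $cfg;
}

// Constructed demo layout under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cred_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'htdocs', 0700, true);
$file = $base . DIRECTORY_SEPARATOR . 'db.ini';
file_put_contents($file, "host = localhost\nname = app\nuser = app_rw\npassword = constructed_value\n");

chmod($file, 0600);
$c = load_db_credentials($file, $base . '/htdocs');
echo "loaded credentials for user {$c['user']}\n";

chmod($file, 0644);                         // simulate a world-readable file
try {
    load_db_credentials($file, $base . '/htdocs');
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
unlink($file); rmdir("$base/htdocs"); rmdir($base);
```

The mode check limits which other accounts on the server can read the file. Someone running as the file's owner can still read it, which is the account break-in case raised in the reply above.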