On 09/17/11 19:45, Reza - Voipernetics wrote:
Nope! SSH Key will not do the trick here. IF the php file is compromised or someone has access to it (from the terminal)
This statement seems to imply that the php file is world-readable. Did you try making it read-only to the www user? Then terminal users cannot read the file.
If the attack is via from a browser client reading your source code via http; then you should place the encryption code into an include file that is not accessible via browser. Typically, the php conf file is configured such that a directory not visible to http visitors is searched for include files.
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
