Roberto Mansfield wrote:
Bastien Koert wrote:
store your password/access credentials outside the web root and use php
to read the data in.
This is good for web attacks, but I'm thinking of an account break in
where someone is accessing files directly on the server.
I suggest you think about this for a second before you start designing
with a really pointless obfuscation system. Say someone is accessing
files directly on the server... if they can get at the file that
contains the password then they can also get at the PHP code that will
de-obfuscate it. Spend your time locking the doors rather than putting
5-minute obstacles in the path.
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php