this is different...the idea around this new module is that you won't have
any script in your server with your configurations in plain text, let me
show you another exemple:
runonce.php:
/* This script will be only run once and then must be erased */
$conf[dbhost] = "10.10.60.1";
$conf[dbname] = "mydatabase";
$conf[dbuser] = "admin";
$conf[dbpass] = "weakpass";
cfg_set("db.cfg",$conf);
/* End of runonce.php */
And then you'll have a file calle db.cfg with all your configuration stored
encrypted.
And then, when you need to use it you do:
dbconnection.php:
/* ...... All connection functions ..... */
$vars_db = cfg_get("db.cfg");
connect($conf[dbhost], $conf[dbname] , $conf[dbuser] , $conf[dbpass] );
/* FIN */
So if anyone hack into your server, he won't get your vital configurations
in plain text.
And the encryption method can be changed easily, just doing a new
libmycrypt.so. Like I said, libmycrypt.so is meant to have the funtionc
(char *)my_crypt(char *) and (char *)my_decrypt(char *).
The encryption method will be the user/admin choice.
Keyser Soze
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Keyser Soze" <[EMAIL PROTECTED]>
Cc: "PHP-DEV" <[EMAIL PROTECTED]>
Sent: Tuesday, March 05, 2002 3:31 AM
Subject: Re: [PHP-DEV] New Module
Hey,
why not simply use the mcrypt functions available in PHP?
Derick
On Mon, 4 Mar 2002, Keyser Soze wrote:
> Hi all,
>
> I have developed a new module that may be of interest of you. I'm putting
it
> under GNU license.
> The module consist of two functions:
> bool cfg_set(string file,assoc array vars): it saves configurations in
vars
> crypted into file
> array cfg_set(string file): returns the associative array uncrypted
>
> This module uses a library called libmycrypt.so which must be developed by
> the user and must have two functions:
> char *my_crypt(char *string)
> char *my_decrypt(char *string)
>
> This module was intended two protect the configurations of database like:
> user, pass, ip, dbname,.... so that even if someones get his hands on the
> php scripts, he can't get those variables.
>
> I just need to comment out the code, but it will be ready tomorrow for
sure.
> To where should I send the code, so if you are interested, put in php
> distribution???
>
> Regards,
> Fabricio Olivetti de França
> aka Keyser Soze
>
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
