On 05 February 2004 11:30, Harry Sufehmi wrote: <...SNIP...> > As you can see, the content will be secured, but the script > is now becoming the weak point since it'll store the > encryption key needed to decrypt the content.
I hope you don't mean that literally. If you're really being security conscious, the encryption keys should be in an include file that lives *outside* the Web document tree. If your include path is given relative to the including script, a hacker also has to know the local pathname to the script in order to deduce the location of the included file containing the keys. On my site, the *only* PHP scripts visible to the Web server look like this: <?php ini_set('include_path', '../../relative/path/to/includes/'); require 'real_script.php'; ?> ... and the only reason that the include_path is set there and not in php.ini or equivalent is that I'm not the admin of the server and don't have access to configuration files! Cheers! Mike --------------------------------------------------------------------- Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php