On 05/02/2004 at 11:48 Ford, Mike [LSS] wrote: >On 05 February 2004 11:30, Harry Sufehmi wrote: >> As you can see, the content will be secured, but the script >> is now becoming the weak point since it'll store the >> encryption key needed to decrypt the content. > >I hope you don't mean that literally. If you're really being security >conscious, the encryption keys should be in an include file that lives >*outside* the Web document tree.
Of course we'll do it like that. And anyway I was talking about if the cracker has actually gained (root) access to that server itself - which makes putting the keys outside the web directory irrelevant. cheers, HS -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
