On 05 February 2004 13:10, Harry Sufehmi wrote: > On 05/02/2004 at 11:48 Ford, Mike [LSS] wrote: > > On 05 February 2004 11:30, Harry Sufehmi wrote: > > > As you can see, the content will be secured, but the script > > > is now becoming the weak point since it'll store the > > > encryption key needed to decrypt the content. > > > > I hope you don't mean that literally. If you're really being > > security conscious, the encryption keys should be in an include > > file that lives *outside* the Web document tree. > > Of course we'll do it like that. > And anyway I was talking about if the cracker has actually > gained (root) access to that server itself - which makes > putting the keys outside the web directory irrelevant.
OK, good -- I kind of assumed so, given your other precautions, but just thought I'd clarify for any novices coming upon this thread in the archives... ;) Cheers! Mike --------------------------------------------------------------------- Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
