On 05/02/2004 at 13:17 Ford, Mike [LSS] wrote: >On 05 February 2004 13:10, Harry Sufehmi wrote: >> On 05/02/2004 at 11:48 Ford, Mike [LSS] wrote: >> > On 05 February 2004 11:30, Harry Sufehmi wrote: >> > > As you can see, the content will be secured, but the script >> > > is now becoming the weak point since it'll store the >> > > encryption key needed to decrypt the content. >> > >> > I hope you don't mean that literally. If you're really being >> > security conscious, the encryption keys should be in an include >> > file that lives *outside* the Web document tree. >> >> Of course we'll do it like that. >> And anyway I was talking about if the cracker has actually >> gained (root) access to that server itself - which makes >> putting the keys outside the web directory irrelevant. > >OK, good -- I kind of assumed so, given your other precautions, but just >thought I'd clarify for any novices coming upon this thread in the >archives... ;)
It's always a good idea indeed :) cheers, HS -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya v0sw6Chw5ln3ck4u6Lw5-2Tl6+8Ds5MRr5e7t2Tb8TOp2/3en5+7g5HC - hackerkey.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
