Jason Wong wrote:
Why? It's not going to offer any protection. If I know your encrypted password and am able to access your database using it there is no reason for me to know what your cleartext password is. In other words if I am able to read the file containing your password (whether encrypted or cleartext) then I can access your database.
Sorry for the silly question, you are probably right.
Would it be possible to encrypt the whole file, so that the password could not be read?
Somewhere on your web server you are going to need to have whatever information is necessary for the web server to decrypt the file so that it can make use of it. That information will need to be readable by the user your web server is running as, just like your current file.
About the only security benefit I can see from something like this is if the information required to decrypt the file came from the web site user over an SSL encrypted session, otherwise you are simply moving your plain text information to a different file.
- Ben
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
