> > Okay, so why are you giving users read access to the mysql data folder? > They can also open up your .php file and find your "secret code."
I think, it is good discussion, so I try to go deeper to it, because we need improve security. And I hope another people to join this. Since I don't have my own server, I have to buy external hosting service maybe in Costa Rica or in Panama or in South Africa, so I don't know who are going to administrate my site first? Whoelse can have access to the system. I don't know how safe is it? I just bought it because it was cheap, or simply it was in my way. And suppose some hacker is entered to the server, because he would like hack the server not my user's mailbox. Surprise, he found plenty of address email with its password. Really cool.... Using ENCODE and DECODE with protected 'secret code' help you to improve your security and user's security. And you don't lost anything doing this, on the contrary, it is a good marketing arguments, like as your system (site) is more safe than other and user could fell in. > > It won't hurt anything to encode it in the database, but just don't get > this overwhelming sense of security and think everything is safe. > >---John Holmes... > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php