> Okay, so why are you giving users read access to the mysql data folder?
> They can also open up your .php file and find your "secret code."

I think, it is good discussion, so I try to go deeper to it, because we need
improve security. And I hope another people to join this.

Since I don't have my own server, I have to buy external hosting service
maybe in Costa Rica or in Panama or in South Africa, so I don't know who are
going to administrate my site first? Whoelse can have access to the system.
I don't know how safe is it? I just bought it because it was cheap, or
simply it was in my way.

And suppose some hacker is entered to the server, because he would like hack
the server not my user's mailbox. Surprise, he found plenty of address email
with its password. Really cool....

Using ENCODE and DECODE with protected 'secret code' help you to improve
your security and user's security. And you don't lost anything doing this,
on the contrary, it is a good marketing arguments, like as your system
(site) is more safe than other and user could fell in.

> It won't hurt anything to encode it in the database, but just don't get
> this overwhelming sense of security and think everything is safe.
>---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to