"John W. Holmes" <[EMAIL PROTECTED]> wrote:



> And where do you plan on storing this 'secret code' that your dynamic
> PHP script have to have access to in order to add users and send
> forgotten email messages??
> If you have something to protect, then you should have your own server
> or get it with someone you can trust. If the hacker can see your mysql
> data, they can see the source of your PHP scripts, and nothing is hidden
> anymore.

Unless you encode your PHP scripts ;) ...with Zend Encoder, perhaps?

I agree. You really need to have your own server, within your own premises,
(physically) accessible only by your own self if you're really thinking
about making your scripts/db/site "secure".

I am not against encoding/decoding passwords in the db. In fact, I'd even
say that it's a good idea to encode names, tel nos., e-mail addresses, etc.

But what beats me is this: This thread is about e-mailing passwords. If
you're thinking about security why would you send your user's password?
Beats me. (Unless of course you're using some kind of digital signature,
etc. and encoding you're e-mails as well...)

Just mho,

- E

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to