Gael Lams,
The problem is, MD5 is non-reversible. Any encryption you use that is
non reversible... obviously cannot be reversed, right? If it can't be
reversed, that's what you have to send for the connection - and anyone
sending that will get through just fine.
Here, let me explain. If you were to store the password MD5'd, say in
$password, you would have to pass that (the md5'd version) to
mysql_connect(). If you can pass it to that function, anyone can... and
so the encryption doesn't help anyone (except that the password is longer.)
Generally, the solution would be a challenge login, but even then the
client needs to know the clear text password, and so it needs to be
saved somewhere.
There is one solution to this: certificates, but that's still by
machine. See the documentatation for more information:
http://www.php.net/ref.mysql
-[Unknown]
Original Message
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find only threads explaining how to have password
saved in md5 inside a mysql table which is not I would
like to do
Regards,
Gaƫl
function SQLConnect()
{
$server_name = 'localhost';
$db_name = 'cmsdb';
$user_name = 'user';
$password = 'clearpassword';
if (!$dbconnect =
mysql_connect($server_name, $user_name, $password))
{
echo Connection failed to the
host 'localhost'.;
exit;
}
if (!mysql_select_db($db_name))
{
echo Cannot connect to
database '.$db_name.';
exit;
}
}
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
