Assuming they have access to the PHP files, all decoding keys would be
available there, so while encrypting the database would definitely slow up
the attacker, it would only do so until they discovered the decoding method.
Any experienced hacker would find this in no time. If you pre-compile th
This is an issue I've been thinking about for an application we are
developing.
Is it worth encrypting data on the database tables when anyone who can
access the application itself - or better still the server - could
readily access the encrypted data? Assuming SSL connections, secure
server
.com/ ICVerify
http://www.icverify.com/
Payflow Pro products/payflow/pro
CyberCash
- Original Message -
From: "I. Gray" <[EMAIL PROTECTED]>
To: ; "Bastien Koert" <[EMAIL PROTECTED]>
Sent: Tuesday, June 14, 2005 9:36 AM
Subject: Re: [PHP-DB
't store
the data on the server, but send an encrypted email (using pgp) to
yourself with the account / order details for processing. But I
strongly recommend using a 3rd party processor.
Bastien
From: "I. Gray" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB]
pgp) to yourself with
the account / order details for processing. But I strongly recommend using
a 3rd party processor.
Bastien
From: "I. Gray" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] Security and MYSQL databases
Date: Tue, 14 Jun 2005 14:36:50 +0100
Hell
Hello.
Simple question. An SSL server and a standard shared MYSQL server that
I have with my hosts. If I am to set up a shopping cart system, is this
a secure way of handling credit card details? What is the best way of
receiving the details? I assume an email is not a good way as these ca
TECTED]
> Sent: 17 January 2005 03:47
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Security Question
>
>
> But what I'm saying is that if you're submitting a form from an unsecured
> page, to a script on a secure server, the data will still be encrypted.
> Any
> insecure login carries less risk.
>
> You could always host the login page on a non secure server but post the
> form to a secure server.
>
> Peter
>
> > -Original Message-
> > From: Micah Stevens [mailto:[EMAIL PROTECTED]
> > Sent: 17 January 2005 02:46
t the login page on a non secure server but post the form
to a secure server.
Peter
> -Original Message-
> From: Micah Stevens [mailto:[EMAIL PROTECTED]
> Sent: 17 January 2005 02:46
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Security Question
>
>
>
If it submits to a secure server the form data will be encrypted before
transmission I believe. At least that's my understanding, and that seems to
be how ebay does it for example. Once you log-in, it submits to a secure
page.
-Micah
On Sunday 16 January 2005 06:38 pm, Chris Payne wrote:
>
Hi everyone,
I have a security question, I want to see if I am right or wrong. I have
programmed a system with PHP and MySQL, the main system resides on a secure
server, but the client wants the login page on a NON-Secure server for
marketing purposes. Am I the only one who thinks this is a m
From: "Dylan Barber" <[EMAIL PROTECTED]>
I am accessing a database on my site from another site - I am
not the only developer on the other site and there is the potential
for someone to access the database for nefarious purposes from
the other site. Can I somehow protect the password and still hav
I am accessing a database on my site from another site - I am not the only developer
on the other site and there is the potential for someone to access the database for
nefarious purposes from the other site. Can I somehow protect the password and still
have it work?
Or I had thought of this b
> so I've been doing a little thinking about web server security..
>
> #1. Since all files on the web are 644, what is to stop someone on the
> same server from copying your files to their own directory?
> (specifically your database connection info)
> #2. if a folder is 777, what's to stop someon
Jonathan Haddad wrote:
so I've been doing a little thinking about web server security..
#1. Since all files on the web are 644, what is to stop someone on the
same server from copying your files to their own directory?
(specifically your database connection info)
#2. if a folder is 777, what's t
so I've been doing a little thinking about web server security..
#1. Since all files on the web are 644, what is to stop someone on the
same server from copying your files to their own directory?
(specifically your database connection info)
#2. if a folder is 777, what's to stop someone from wri
From: "Galbreath, Mark A" <[EMAIL PROTECTED]>
> Does anybody know if the security issues outlined in
>
> http://www.securereality.com.au/archives/studyinscarlet.txt
>
> are still salient or not? My boss wants a technical document outlining the
> security risks of using PHP in an attempt to get it
Does anybody know if the security issues outlined in
http://www.securereality.com.au/archives/studyinscarlet.txt
are still salient or not? My boss wants a technical document outlining the
security risks of using PHP in an attempt to get it approved for general use
by Security. I just bought Moh
PHP for Apache
SQL Server 2k database
User is logged in with username and password.
We want to upload a file to web server, then call a VB
function to validate it and save it to a
table--Parameters: string in (file name), string out
(accepted or rejected display for user). All this
happens while u
Hi everyone,
on my site I created a login which is supposed to be secure. I'm not
familiar with how to surpass signups, but was wondering if people can see if
they can get my page to view without signing up. The page that is supposed
to be secured is the about me index. (the rest is still open).
---
-Original Message-
From: Doaldo Navai Junior [mailto:doaldo@;triunfo-bsb.com.br]
Sent: 22 October 2002 05:46
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Security
I need RSA cryptography (or another asymmetric method) to crypt the data in
my db. How
I need RSA cryptography (or another asymmetric method) to crypt the data in
my db. How can I do it?
Doaldo
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
on 3/4/02 11:34 PM, jas at [EMAIL PROTECTED] appended the following bits
to my mbox:
> how can you find out what the php.ini is looking like? is there a way to
> use php to get that info. i have used phpinfo() but i cannot see whether or
> not file_uploads is disabled
It will only show up in P
er from the bug. No big deal--go on with life!
Court
> -Original Message-
> From: jas [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 04, 2002 8:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] security
>
>
> how can you find out what the php.ini is looking lik
how can you find out what the php.ini is looking like? is there a way to
use php to get that info. i have used phpinfo() but i cannot see whether or
not file_uploads is disabled
Jas
"Paul Burney" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED].;
on 3/3/02 7:39 PM, Ric Mañalac at [EMA
on 3/3/02 7:39 PM, Ric Mañalac at [EMAIL PROTECTED] appended
the following bits to my mbox:
> i personally think that the developer still has
> the control in making his php code secure. but how do you
> think will this news affect php as one of the most popular
> choice for web developers?
Prob
hi everyone,
i'd just like to ask for comments re the current issue about
security vulnerability of php. CERT has released an advisory
regarding this. i personally think that the developer still has
the control in making his php code secure. but how do you
think will this news affect php as one o
where PHP might take you tomorrow.
-Original Message-
From: Ronald Wiplinger [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 02, 2002 4:00 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] Security concern with web forms (update of MySQL data
base)
A php page, which includes an update statem
Ronald Wiplinger
To: [EMAIL PROTECTED]
Sent: 3/1/02 6:00 PM
Subject: [PHP-DB] Security concern with web forms (update of MySQL data
base)
A php page, which includes an update statement for a MySQL data base:
I am trying to figure out, how I can make sure that an update form on
the
web cannot inclu
A php page, which includes an update statement for a MySQL data base:
I am trying to figure out, how I can make sure that an update form on the
web cannot include codes, that would update other parts of the database (or
worse destroy a database).
bye
Ronald
Ronald Wiplinger (ÃQ¤¯¯Ç), CEO
OTECTED]>
Cc: "'Simon R Jones'" <[EMAIL PROTECTED]>; "PHP-DB (E-mail)"
<[EMAIL PROTECTED]>
Sent: Wednesday, May 23, 2001 1:12 PM
Subject: Re: [PHP-DB] security in PHP under Apache
> But how do you set it so a webuser would run sudo? That sounds pretty
>
But how do you set it so a webuser would run sudo? That sounds pretty
dangerous, to me.
I have a similar situation where I want PHP to create a subdirectory and
set privileges to it based on the login user. I end up having to create
the directory by hand via SSH and then run the php script.
T
PROTECTED]
Subject: [PHP-DB] security in PHP under Apache
hi there
does anyone know how to make PHP run as a different user than the default
one ("nobody" i believe). I have many users with websites and would like
them to be able to run PHP under their usernames so as to ensure security.
hi there
does anyone know how to make PHP run as a different user than the default
one ("nobody" i believe). I have many users with websites and would like
them to be able to run PHP under their usernames so as to ensure security.
Though I'm not sure this is possible unless I install PHP as a CGI
>I am using windows2000 and when I run php it enables anyone on my network
>to allow php coding to make directories in my computer..
>How can I disable this feature so they can only make directories/files in
their own directory?
You could try to run php in secure mode (not sure if this helps you wi
Hello..
I am using windows2000 and when I run php it enables anyone on my network to allow php
coding to make directories in my computer.. How can I disable this feature so they can
only make directories/files in their own directory?
Thanks
Michael(Fusion)
36 matches