Assuming they have access to the PHP files, all decoding keys would be
available there, so while encrypting the database would definitely slow up
the attacker, it would only do so until they discovered the decoding method.
Any experienced hacker would find this in no time. If you pre-compile
://www.icverify.com/
Payflow Pro products/payflow/pro
CyberCash
- Original Message -
From: I. Gray [EMAIL PROTECTED]
To: php-db@lists.php.net; Bastien Koert [EMAIL PROTECTED]
Sent: Tuesday, June 14, 2005 9:36 AM
Subject: Re: [PHP-DB] Security and MYSQL databases
Thanks,
I kind
You should never [almost never ever] store cc details from your users.
Integrate a 3rd party payment processor into your site and process the
payments immediately. It will cut down on fraud and chargebacks by the
users. It's also more secure since the cc details are not stored on your
machine.
Thanks,
I kind of suspected this, but it's good to be told. I wouldn't like to
think my CC details were held on some database somewhere where
it can get hacked into. Apart from paypal are there any other 3rd party
payment processors that anyone recommends? I think we're perhaps
]
Sent: 17 January 2005 03:47
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Security Question
But what I'm saying is that if you're submitting a form from an unsecured
page, to a script on a secure server, the data will still be encrypted.
Anyone know this for sure to be correct? It sure
If it submits to a secure server the form data will be encrypted before
transmission I believe. At least that's my understanding, and that seems to
be how ebay does it for example. Once you log-in, it submits to a secure
page.
-Micah
On Sunday 16 January 2005 06:38 pm, Chris Payne wrote:
the login page on a non secure server but post the form
to a secure server.
Peter
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: 17 January 2005 02:46
To: php-db@lists.php.net
Subject: Re: [PHP-DB] Security Question
If it submits to a secure server the form data
From: Dylan Barber [EMAIL PROTECTED]
I am accessing a database on my site from another site - I am
not the only developer on the other site and there is the potential
for someone to access the database for nefarious purposes from
the other site. Can I somehow protect the password and still have
Jonathan Haddad wrote:
so I've been doing a little thinking about web server security..
#1. Since all files on the web are 644, what is to stop someone on the
same server from copying your files to their own directory?
(specifically your database connection info)
#2. if a folder is 777, what's to stop someone
From: Galbreath, Mark A [EMAIL PROTECTED]
Does anybody know if the security issues outlined in
http://www.securereality.com.au/archives/studyinscarlet.txt
are still salient or not? My boss wants a technical document outlining
the
security risks of using PHP in an attempt to get it approved
check
http://www.mysql.com/doc/en/Miscellaneous_functions.html
it covers a number of options
Peter
---
Excellence in internet and open source software
---
Sunmaia
www.sunmaia.net
tel. 0121-242-1473
how can you find out what the php.ini is looking like? is there a way to
use php to get that info. i have used phpinfo() but i cannot see whether or
not file_uploads is disabled
Jas
Paul Burney [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED];
on 3/3/02 7:39 PM, Ric Mañalac at [EMAIL
[mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 8:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] security
how can you find out what the php.ini is looking like? is
there a way to
use php to get that info. i have used phpinfo() but i cannot
see whether or
not file_uploads
on 3/4/02 11:34 PM, jas at [EMAIL PROTECTED] appended the following bits
to my mbox:
how can you find out what the php.ini is looking like? is there a way to
use php to get that info. i have used phpinfo() but i cannot see whether or
not file_uploads is disabled
It will only show up in PHP
on 3/3/02 7:39 PM, Ric Mañalac at [EMAIL PROTECTED] appended
the following bits to my mbox:
i personally think that the developer still has
the control in making his php code secure. but how do you
think will this news affect php as one of the most popular
choice for web developers?
1st, you should limit the permissions that you have for the user doing
the update.
This user should not be able to do things like ALTER / DROP / CREATE
etc...
If you don't have a need for the DELETE command you can remove the
permissions for it too, however this does not solve all of your
A quick suggestion would be to build your query normally and then don't run
the query if it has a semicolon that isn't inside quotes. Also, use single
quotes in the update to make your checks easier:
UPDATE table_name SET field1='value1'
-Original Message-
From: Ronald Wiplinger
To:
PHP runs via Apache, so it adopts the user that Apache uses, essentially.
You can use a program like sudo to allow them to run certain commands on the
server.
Jonathan
-Original Message-
From: Simon R Jones [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 23, 2001 10:31 AM
To: [EMAIL
But how do you set it so a webuser would run sudo? That sounds pretty
dangerous, to me.
I have a similar situation where I want PHP to create a subdirectory and
set privileges to it based on the login user. I end up having to create
the directory by hand via SSH and then run the php script.
]; PHP-DB (E-mail)
[EMAIL PROTECTED]
Sent: Wednesday, May 23, 2001 1:12 PM
Subject: Re: [PHP-DB] security in PHP under Apache
But how do you set it so a webuser would run sudo? That sounds pretty
dangerous, to me.
I have a similar situation where I want PHP to create a subdirectory and
set
22 matches