On Sunday 27 February 2005 20:53, Micah Stevens wrote:
I think about as safe as you can get is by putting the connection data
out of the served directory, somewhere that's not directly accessible,
and concentrate on system integrity. (security wise)
A refinement of this technique is available
On Monday 28 February 2005 18:44, Simon Rees wrote:
On Sunday 27 February 2005 20:53, Micah Stevens wrote:
I think about as safe as you can get is by putting the connection
data out of the served directory, somewhere that's not directly
accessible, and concentrate on system integrity.
On Monday 28 February 2005 10:52, Jason Wong wrote:
If you don't need the flexibility of the custom program and would rather
make use of existing infrastructure:
http://marc.theaimsgroup.com/?l=php-general&m=110137778213700&w=2
You said in that post: Set default MySQL user and password in your
On Monday 28 February 2005 19:33, Simon Rees wrote:
You said in that post: Set default MySQL user and password in your
virtual host container. Then connect to MySQL without specifying user
and password.
Presumably the file which contains the virtual host directive is
readable by the process
The original question was concerning that if someone somehow had access to
the file which stored the connections details then they would be able to
use it to connect to the mysql server. Now if someone somehow had access
to your key then it's game over for you. Unless you password
Well, yes, but as my key is never transmitted from client to server, it's
safer. ;)
I encrypt a connect request with my private key, which can be unencrypted
by the public key, but the server knows it's me because only the private key
can make the encryption. The message is sent over the
On Sunday 27 February 2005 07:11, Micah Stevens wrote:
Well, yes, but as my key is never transmitted from client to server,
it's safer. ;)
I encrypt a connect request with my private key, which can be
unencrypted by the public key, but the server knows it's me because
only the private key
On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams [EMAIL PROTECTED] wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the
Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
Nope, the login function uses cleartext. Put your connect function in a
separate file in a secure directory, and include() it to make the connection.
That seems to be the way to do it, someone else may have a better idea.
-Micah
On Thursday 24 February 2005 02:37 am, Gael Lams wrote:
Hi
Not answering your question but I'd put the connect info into a separate
include file. This should then be placed in a directory that can be
accessed by the Web Server but not by any other user (except root). Then
when you need to establish a connection you just need to include the file.
On Thu, 2005-02-24 at 02:37 -0800, Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to
I was just thinking that a better way to do this is with a public/private key
set. Then it would be secure, but as someone else mentioned, you'd have to
patch the source to make it work.
-Micah
On Friday 25 February 2005 07:29 am, Robby Russell wrote:
On Thu, 2005-02-24 at 02:37 -0800,
[never made it to list, no idea why - been 26 hours - resending.]
[ may have been since it had reply-to field before to - funny...]
Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder
You could programmatically build the connection string in the php connection
file, couldn't you? Have a line that sets a variable equal to the MD5 hashed
value. Then, build the connection string, applying a call to a function that
unhashes the password. That way, the password itself never
You can't unhash MD5.. it's one way only. You could encrypt something and
unencrypt it later, but it's not clear what advantage you would get out of
what you're saying.
Perhaps I don't understand, but if you have a separate connection file, why
would you need to pass a password at all?
On Saturday 26 February 2005 04:16, Micah Stevens wrote:
I was just thinking that a better way to do this is with a
public/private key set. Then it would be secure, but as someone else
mentioned, you'd have to patch the source to make it work.
How would it be safer? Correct me if I'm wrong:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find only threads