Assuming they have access to the PHP files, all decoding keys would be
available there, so while encrypting the database would definitely slow up
the attacker, it would only do so until they discovered the decoding method.
Any experienced hacker would find this in no time. If you pre-compile th
TECTED]
> Sent: 17 January 2005 03:47
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Security Question
>
>
> But what I'm saying is that if you're submitting a form from an unsecured
> page, to a script on a secure server, the data will still be encrypted.
> Any
t; insecure login carries less risk.
>
> You could always host the login page on a non secure server but post the
> form to a secure server.
>
> Peter
>
> > -Original Message-
> > From: Micah Stevens [mailto:[EMAIL PROTECTED]
> > Sent: 17 January 2005 02:46
t the login page on a non secure server but post the form
to a secure server.
Peter
> -Original Message-
> From: Micah Stevens [mailto:[EMAIL PROTECTED]
> Sent: 17 January 2005 02:46
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Security Question
>
>
>
If it submits to a secure server the form data will be encrypted before
transmission I believe. At least that's my understanding, and that seems to
be how ebay does it for example. Once you log-in, it submits to a secure
page.
-Micah
On Sunday 16 January 2005 06:38 pm, Chris Payne wrote:
>
From: "Dylan Barber" <[EMAIL PROTECTED]>
I am accessing a database on my site from another site - I am
not the only developer on the other site and there is the potential
for someone to access the database for nefarious purposes from
the other site. Can I somehow protect the password and still hav