And the good Lord saw that clear was bad and gave us ssh...
If you care that much build an ssh tunnel to the db server and talk over
that.
-Original Message-
From: Jason Wong [mailto:[EMAIL PROTECTED]
Sent: 20 December 2004 17:29
To: php-general@lists.php.net
Subject: Re: [PHP] Using
On Tuesday 21 December 2004 20:06, symbulos partners wrote:
What we would like to achieve?
If a malicious user finds a way of entering of accessing the docroot (rwx)
of a website with CMS (PHP + MySQL), we would like to have further barrier
to him accessing the Mysql database.
Like I said,
symbulos partners wrote:
What we would like to achieve?
If a malicious user finds a way of entering of accessing the docroot (rwx)
of a website with CMS (PHP + MySQL), we would like to have further barrier
to him accessing the Mysql database.
We had some problem with one hacker using the
On Tuesday 21 December 2004 00:03, symbulos partners wrote:
is it possible to use encrypted passwords in php files, for connecting to a
database?
We do not like too much the idea of the password being in clear text.
Example
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
Jason Wong wrote:
Why? It's not going to offer any protection. If I know your encrypted
password and am able to access your database using it there is no reason
for me to know what your cleartext password is. In other words if I am
able to read the file containing your password (whether
symbulos partners wrote:
Dear friends,
is it possible to use encrypted passwords in php files, for connecting to
a
database?
We do not like too much the idea of the password being in clear text.
Example
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
Symbulos Partners wrote:
Jason Wong wrote:
Why? It's not going to offer any protection. If I know your encrypted
password and am able to access your database using it there is no reason
for me to know what your cleartext password is. In other words if I am
able to read the file containing your
What you might want to try doing is to create a connect.php file that
exists outside of your doc root that has the variables with your information
and simply include this file when you need to connect to your DB.
Now, this won't change the root problem - if someone's able to snoop your
On Tuesday 21 December 2004 02:15, symbulos partners wrote:
Sorry for the silly question, you are probably right.
Perhaps it would be better if you say what you are trying to achieve.
Would it be possible to encrypt the whole file, so that the password could
not be read?
Encryption is only
9 matches
Mail list logo
