|
|
Posted by J.O. Aho on 05/27/07 18:05
_mario.lat wrote:
>>> I use PHP and I'd like to not write in hardcoded way password
>>> and login to access to mysql.
>>> how to not write password in code for access to mysql?
>>> How can I do?
>>> I'd like that who see my code don't see my paswords.
>>> there is a solution?
>> Now you can create the following file
>
> Thank you for answering me.
> I'm shure there is a better way with cript:
> DES or SHA, RSA...
As Elomaa already pointed out, you will have big trouble to decrypt the one
way hashes. You could use rot13 to encode/decode your passwords, it's not much
protection, but at the first glance someone may think it's the plain password,
to the point when they check your script that decodes the password, at which
point they will see the rot13, but that applies all two way encryption, as you
need the decoder in your php script, they will be able to decode your encoded
password without any trouble.
When you use an Unix like system, you can change the password files privileges
and that way protect the password from other persons eyes.
Assuming that your user names is mario and that the apache server is run as
the user apache, then do a "chown mario:apache -R ~/mypasswords" and then
"chmod o-rwd -R ~/mypasswords"
This way only you and the web server can read the file with your password, no
other user except root will be able to read the file.
--
//Aho
Navigation:
[Reply to this message]
|