|
|
Posted by Keniobats on 05/28/07 14:23
On May 28, 3:20 pm, Keniobats <freerevolutiont...@gmail.com> wrote:
> On May 27, 5:56 pm, "_mario.lat" <n...@libero.it> wrote:
>
> > >> I use PHP and I'd like to not write in hardcoded way password
> > >> and login to access to mysql.
> > >> how to not write password in code for access to mysql?
> > >> How can I do?
> > >> I'd like that who see my code don't see my paswords.
> > >> there is a solution?
>
> > > Now you can create the following file
>
> > Thank you for answering me.
> > I'm shure there is a better way with cript:
> > DES or SHA, RSA...
> > Mario.
>
> Hello Mario!, i think that maybe you can "confuse" a little the
> malicious user doing the following things:
>
> 1st: as i readed before, encrypt your password at (for example)
> base64:
> $user = "mario";
> $password = "Y0dGemMzZHZjbVE9"; (the word "password" encrypted at
> base64 TWICE, and looks like a plain text passwd)
>
> then, when you want to decrypt it and use it for loggin at some place
> of your scripts:
> echo base64_decode(base64_decode($password));
> or, to confuse the attaker more, you can do the same
> $pass_decrypted= base64_decode(base64_decode($password)); <--- but
> also encrypted in hex like this..:
>
> echo
> "base64_decode(base64_decode($password));";
> as doing with echo, when executed, the browser prints the result in
> plain text, showing base64_decode(base64_decode($password)), but the
> question it's to save the plain text result, in a variable containing
> your password decrypted...
> I hope this will help you...i just improved this, 'cause i didn't
> have time to explore more this(i have to go to work now :( )
> Success!!! See u! =)
sorry, i forgot to put the link i used to convert characters:
http://people.w3.org/rishida/scripts/uniview/conversion.php
good luck
Navigation:
[Reply to this message]
|