Posted by Toby Inkster on 01/08/07 15:45

cbmeeks wrote:

> Even if I encrypt the data don't I have to store the decryption key
> somewhere?

Whatever method you used, your PHP ode would eventually have to calculate
the unencrypted versions of $userid and $pass, and an evil sysadmin could
simply insert:

echo "{$userid}:{$pass}";

at that point in the code to see what they were.

As Jerry said, if you don't trust your sysadmin...

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

[Back to original message]