Reply to Re: how to not write password in code for using to mysql?

Your name:

Reply:


Posted by J.O. Aho on 05/27/07 18:05

_mario.lat wrote:
>>> I use PHP and I'd like to not write in hardcoded way password
>>> and login to access to mysql.
>>> how to not write password in code for access to mysql?
>>> How can I do?
>>> I'd like that who see my code don't see my paswords.
>>> there is a solution?
>> Now you can create the following file
>
> Thank you for answering me.
> I'm shure there is a better way with cript:
> DES or SHA, RSA...

As Elomaa already pointed out, you will have big trouble to decrypt the one
way hashes. You could use rot13 to encode/decode your passwords, it's not much
protection, but at the first glance someone may think it's the plain password,
to the point when they check your script that decodes the password, at which
point they will see the rot13, but that applies all two way encryption, as you
need the decoder in your php script, they will be able to decode your encoded
password without any trouble.

When you use an Unix like system, you can change the password files privileges
and that way protect the password from other persons eyes.

Assuming that your user names is mario and that the apache server is run as
the user apache, then do a "chown mario:apache -R ~/mypasswords" and then
"chmod o-rwd -R ~/mypasswords"

This way only you and the web server can read the file with your password, no
other user except root will be able to read the file.

--

//Aho

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация