Reply to Re: how to not write password in code for using to mysql?

Your name:

Reply:


Posted by Keniobats on 05/28/07 14:20

On May 27, 5:56 pm, "_mario.lat" <n...@libero.it> wrote:
> >> I use PHP and I'd like to not write in hardcoded way password
> >> and login to access to mysql.
> >> how to not write password in code for access to mysql?
> >> How can I do?
> >> I'd like that who see my code don't see my paswords.
> >> there is a solution?
>
> > Now you can create the following file
>
> Thank you for answering me.
> I'm shure there is a better way with cript:
> DES or SHA, RSA...
> Mario.

Hello Mario!, i think that maybe you can "confuse" a little the
malicious user doing the following things:

1st: as i readed before, encrypt your password at (for example)
base64:
$user = "mario";
$password = "Y0dGemMzZHZjbVE9"; (the word "password" encrypted at
base64 TWICE, and looks like a plain text passwd)

then, when you want to decrypt it and use it for loggin at some place
of your scripts:
echo base64_decode(base64_decode($password));
or, to confuse the attaker more, you can do the same
$pass_decrypted= base64_decode(base64_decode($password)); <--- but
also encrypted in hex like this..:

echo
"&#x62;&#x61;&#x73;&#x65;&#x36;&#x34;&#x5F;&#x64;&#x65;&#x63;&#x6F;&#x64;&#x65;&#x28;&#x62;&#x61;&#x73;&#x65;&#x36;&#x34;&#x5F;&#x64;&#x65;&#x63;&#x6F;&#x64;&#x65;&#x28;&#x24;&#x70;&#x61;&#x73;&#x73;&#x77;&#x6F;&#x72;&#x64;&#x29;&#x29;&#x3B;";
as doing with echo, when executed, the browser prints the result in
plain text, showing base64_decode(base64_decode($password)), but the
question it's to save the plain text result, in a variable containing
your password decrypted...
I hope this will help you...i just improved this, 'cause i didn't
have time to explore more this(i have to go to work now :( )
Success!!! See u! =)

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация