|
Posted by Keniobats on 05/28/07 14:20
On May 27, 5:56 pm, "_mario.lat" <n...@libero.it> wrote:
> >> I use PHP and I'd like to not write in hardcoded way password
> >> and login to access to mysql.
> >> how to not write password in code for access to mysql?
> >> How can I do?
> >> I'd like that who see my code don't see my paswords.
> >> there is a solution?
>
> > Now you can create the following file
>
> Thank you for answering me.
> I'm shure there is a better way with cript:
> DES or SHA, RSA...
> Mario.
Hello Mario!, i think that maybe you can "confuse" a little the
malicious user doing the following things:
1st: as i readed before, encrypt your password at (for example)
base64:
$user = "mario";
$password = "Y0dGemMzZHZjbVE9"; (the word "password" encrypted at
base64 TWICE, and looks like a plain text passwd)
then, when you want to decrypt it and use it for loggin at some place
of your scripts:
echo base64_decode(base64_decode($password));
or, to confuse the attaker more, you can do the same
$pass_decrypted= base64_decode(base64_decode($password)); <--- but
also encrypted in hex like this..:
echo
"base64_decode(base64_decode($password));";
as doing with echo, when executed, the browser prints the result in
plain text, showing base64_decode(base64_decode($password)), but the
question it's to save the plain text result, in a variable containing
your password decrypted...
I hope this will help you...i just improved this, 'cause i didn't
have time to explore more this(i have to go to work now :( )
Success!!! See u! =)
[Back to original message]
|