
Re: [cobalt-users] Severe Security Problem Between Sites



<michael@xxxxxxxxxx> wrote:
> > Storing passwords in plain text...once again, a bit of sloppy
> > programming.
>
> I agree, but I don't know any other way. How do you add your passwords
> for MySQL databases in PHP scripts?

If you're in a situation where non-trusted users have FTP access, but no
Telnet/SSH shell access you can start by putting the passwords in text files
outside of their FTP directory access.  In fact, you should keep passwords
outside of web directories since if PHP fails I believe the PHP file will be
returned by the browser in plain text.  You can also alter the passwords
before storing them in the plain text file.  For example, you can use the
PHP function base64_encode() to encode that password, then put the value in
your text file and base64_decode() to reconstruct it in your PHP file.  Of
course, anyone who can access your PHP file and your text file will be able
to figure out what you did.

Might be enough depending on your circumstances.

Steven Werby {steven-lists@xxxxxxxxxxxx}
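
An added example, not part of Steven Werby's message: one way a PHP script could read a password from a text file kept outside the web directories, refusing the file if it actually resolves inside the web root or is readable by every local account. The function name `load_secret`, the file name `db.pass` and the directory layout are assumptions made for illustration, and a POSIX host is assumed.

```php
<?php
// Added example; file names and layout below are assumptions, not from the post.

/**
 * Read a one-line secret from a text file that lives outside the web root.
 * Refuses a file that resolves inside $docRoot or that "other" users can read.
 * Assumes a POSIX host (permission bits are meaningless on Windows).
 */
function load_secret(string $path, string $docRoot): string
{
    // realpath() resolves symlinks and "..", so the comparison below is made
    // on where the file really is, not on how the path was spelled.
    $real = realpath($path);
    $root = realpath($docRoot);
    if ($real === false || $root === false || !is_file($real)) {
        throw new RuntimeException('secret file or web root not found');
    }
    $prefix = rtrim($root, '/') . '/';
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('secret file is inside the web root');
    }
    // The "other" read bit would expose the file to every local account.
    $mode = fileperms($real);
    if ($mode === false || ($mode & 0004) !== 0) {
        throw new RuntimeException('secret file is world-readable');
    }
    $secret = file_get_contents($real);
    if ($secret === false) {
        throw new RuntimeException('secret file could not be read');
    }
    return rtrim($secret, "\r\n");
}

// Constructed demo: a throwaway directory tree stands in for a real host.
$base = sys_get_temp_dir() . '/secret_demo_' . uniqid();
mkdir("$base/web", 0755, true);
mkdir("$base/private", 0700);
file_put_contents("$base/private/db.pass", "constructed-password\n");
chmod("$base/private/db.pass", 0600);

$password = load_secret("$base/private/db.pass", "$base/web");
echo 'loaded ', strlen($password), " characters\n";

// A copy left under the web root is rejected.
copy("$base/private/db.pass", "$base/web/db.pass");
try {
    load_secret("$base/web/db.pass", "$base/web");
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```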