• Advertisement
Sign in to follow this  

PHP and encryption...

This topic is 4247 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Is it even worth encrypting a file that contains data for the username and password for your database in a product? I mean you have to have a way for the engine to decrypt the file and then if someone can steal your db settings file (dbheaders.php or whatever you want to call it) then chances ar ethey can steal your engine file that has teh feature to decrypt your settings. Any ideas or better options?

Share this post


Link to post
Share on other sites
Advertisement
If you have a decent host you should be able to restrict database access to the local server and/or specific IPs that you choose to allow.

Share this post


Link to post
Share on other sites
That is only an issue with security through obscurity. Use a standard encryption algorithm (or even a one-way hash) to store critical information in the database. This way, knowledge about the encryption scheme does not really help unless the attacker manages to find the key/salt or reverse a hash function.

Share this post


Link to post
Share on other sites
Ok, but let's say they login to the users phpMyAdmin with the settings they stole from the settings.php file and login with root access and then go to the SQL query and type in DROP TABLE TABLE_NAME_HERE; Since this is going to be distributed globally that could be a problem since I don't know every users security levels. And yes, it would be pointless for them to try and break through my md5 hash however they can still execute db commands. Oh well I guess I'll just live with the hash method.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement