Sign in to follow this  
doctorhair1

PHP and encryption...

Recommended Posts

Is it even worth encrypting a file that contains data for the username and password for your database in a product? I mean you have to have a way for the engine to decrypt the file and then if someone can steal your db settings file (dbheaders.php or whatever you want to call it) then chances ar ethey can steal your engine file that has teh feature to decrypt your settings. Any ideas or better options?

Share this post


Link to post
Share on other sites
That is only an issue with security through obscurity. Use a standard encryption algorithm (or even a one-way hash) to store critical information in the database. This way, knowledge about the encryption scheme does not really help unless the attacker manages to find the key/salt or reverse a hash function.

Share this post


Link to post
Share on other sites
Ok, but let's say they login to the users phpMyAdmin with the settings they stole from the settings.php file and login with root access and then go to the SQL query and type in DROP TABLE TABLE_NAME_HERE; Since this is going to be distributed globally that could be a problem since I don't know every users security levels. And yes, it would be pointless for them to try and break through my md5 hash however they can still execute db commands. Oh well I guess I'll just live with the hash method.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this