it's much easier to detect a modification of a script instead of just a "cat dbconf.php".
Keyser Soze ----Original Message----- What stops the hacker from doing: $vars_db = cfg_get("db.cfg"); connect($conf[dbhost], $conf[dbname] , $conf[dbuser] , $conf[dbpass] ); print_r($conf); // or var_dump($conf); ? > And the encryption method can be changed easily, just doing a new > libmycrypt.so. Like I said, libmycrypt.so is meant to have the funtionc > (char *)my_crypt(char *) and (char *)my_decrypt(char *). > The encryption method will be the user/admin choice. > -- Robin Ericsson <lobbin at localhost dot nu> "The secret of flying is to throw yourself at the ground, and miss." -- Douglas Adams -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php