php-general Digest 11 Aug 2010 22:50:32 -0000 Issue 6889

Wed, 11 Aug 2010 15:52:21 -0700 

php-general Digest 11 Aug 2010 22:50:32 -0000 Issue 6889

Topics (messages 307397 through 307401):

Re: Variable variables into an array.
        307397 by: Bob McConnell
        307398 by: Richard Quadling

protecting a directory by php mysql
        307399 by: Ali Asghar Toraby Parizy
        307400 by: Ashley Sheridan

Encryption/Decryption Question
        307401 by: tedd

Administrivia:

To subscribe to the digest, e-mail:
        [email protected]

To unsubscribe from the digest, e-mail:
        [email protected]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message --- 
From: Richard Quadling

> Quick set of eyes needed to see what I've done wrong...
> 
> The following is a reduced example ...
> 
> <?php
> $Set = array();
> $Entry = 'Set[1]';
            ^^^^^^
Shouldn't that be $Set[1]?

> $Value = 'Assigned';
> $$Entry = $Value;
> print_r($Set);
> ?>

Bob McConnell

--- End Message ---
--- Begin Message --- 
On 11 August 2010 13:58, Bob McConnell <[email protected]> wrote:
> From: Richard Quadling
>
>> Quick set of eyes needed to see what I've done wrong...
>>
>> The following is a reduced example ...
>>
>> <?php
>> $Set = array();
>> $Entry = 'Set[1]';
>            ^^^^^^
> Shouldn't that be $Set[1]?
>
>> $Value = 'Assigned';
>> $$Entry = $Value;
>> print_r($Set);
>> ?>
>
> Bob McConnell
>

No.

--- End Message ---
--- Begin Message --- 
Hi.
I need a protected directory in my server that only the authenticated user
can reach all files in that folder(file type is zip and picture or a web
page, maybe). I save user ID and passwords in mysql database. today I tried
to use htaccess but mod_auth_mysql isn't installed on my server.
I know that I can protect web pages by a simple PHP script(checking log in
session) but I don't know how I can protect images and files!
Thanks for any help
-- 
Ali Asghar Torabi

--- End Message ---
--- Begin Message --- 
On Thu, 2010-08-12 at 02:02 +0430, Ali Asghar Toraby Parizy wrote:

> Hi.
> I need a protected directory in my server that only the authenticated user
> can reach all files in that folder(file type is zip and picture or a web
> page, maybe). I save user ID and passwords in mysql database. today I tried
> to use htaccess but mod_auth_mysql isn't installed on my server.
> I know that I can protect web pages by a simple PHP script(checking log in
> session) but I don't know how I can protect images and files!
> Thanks for any help


You can protect with a .htaccess with a more basic protection, by having
a password stored in an encrypted form in a file somewhere that Apache
can see.

However, if you need to authorise users via details in a DB, then your
best bet is to store all the files themselves outside of the web root,
and then use a script to access them. The script can authenticate users
however you want, and only when they are logged in will it read from the
file and write that back out to the client with the correct headers.

If you can't put the files outside of web root, then you have little
hope of securing them if you can't get mod_auth_mysql installed.

Thanks,
Ash
http://www.ashleysheridan.co.uk

--- End Message ---
--- Begin Message --- 
Hi gang:

Okay, a question to the Encryption/Decryption gurus out there.

If you were given:

1. This encrypted string:

p3IVhDBT26i+p4vd7J4fAw==
2. Were told it was a social security number (i.e., in the form of 123-45-6789). 

3. And it had been generated from this code:

$cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc','');
mcrypt_generic_init($cipher, $key1, $key2);
$encrypted = mcrypt_generic($cipher,$social_security_number);
4. Where $key1 and $key2 are md5() values calculated from two different security phrases. 

5. Where each security phrase contains multiple non-English words.
What would it take for you to break the encrypted string and decipher the social security number? Can it be done? If so, how long?
And lastly, where would the "best" place to store these security phrases? (Note: I didn't ask where would be the best place for me to put them.) :-) 

Cheers,

tedd

PS: No, the SS number in question is not 123-45-6789. :-)

--
-------
http://sperling.com/

--- End Message ---

Reply via email to