Bob Hockney <mailto:[EMAIL PROTECTED]> on Tuesday, June 29, 2004 5:58 PM said:
> I wrote a php script that accesses a database, and I am wondering > about securing the password to the database. I could prompt the user > for the password every session, but I don't necessarily want the user > to have the password. you don't want the user to have the password?? how else are they supposed to login? > Unless I'm missing something, any on-disk > place I store the password needs to be readable by PHP, and therefore > isn't very secure. 1. don't store the password in plain text. store it as a hash. 2. make the file readable only to root and the user that PHP/Apache runs under. that's about all i know. chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
