"John W. Holmes" <[EMAIL PROTECTED]> wrote:
> ...[snip]... > And where do you plan on storing this 'secret code' that your dynamic > PHP script have to have access to in order to add users and send > forgotten email messages?? > > If you have something to protect, then you should have your own server > or get it with someone you can trust. If the hacker can see your mysql > data, they can see the source of your PHP scripts, and nothing is hidden > anymore. Unless you encode your PHP scripts ;) ...with Zend Encoder, perhaps? I agree. You really need to have your own server, within your own premises, (physically) accessible only by your own self if you're really thinking about making your scripts/db/site "secure". I am not against encoding/decoding passwords in the db. In fact, I'd even say that it's a good idea to encode names, tel nos., e-mail addresses, etc. But what beats me is this: This thread is about e-mailing passwords. If you're thinking about security why would you send your user's password? Beats me. (Unless of course you're using some kind of digital signature, etc. and encoding you're e-mails as well...) Just mho, - E -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
