Assuming they have access to the PHP files, all decoding keys would be
available there, so while encrypting the database would definitely slow up
the attacker, it would only do so until they discovered the decoding method.
Any experienced hacker would find this in no time. If you pre-compile th
This is an issue I've been thinking about for an application we are
developing.
Is it worth encrypting data on the database tables when anyone who can
access the application itself - or better still the server - could
readily access the encrypted data? Assuming SSL connections, secure
server
TECTED]
> Sent: 17 January 2005 03:47
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Security Question
>
>
> But what I'm saying is that if you're submitting a form from an unsecured
> page, to a script on a secure server, the data will still be encrypted.
> Any
t; insecure login carries less risk.
>
> You could always host the login page on a non secure server but post the
> form to a secure server.
>
> Peter
>
> > -Original Message-
> > From: Micah Stevens [mailto:[EMAIL PROTECTED]
> > Sent: 17 January 2005 02:46
t the login page on a non secure server but post the form
to a secure server.
Peter
> -Original Message-
> From: Micah Stevens [mailto:[EMAIL PROTECTED]
> Sent: 17 January 2005 02:46
> To: php-db@lists.php.net
> Subject: Re: [PHP-DB] Security Question
>
>
>
If it submits to a secure server the form data will be encrypted before
transmission I believe. At least that's my understanding, and that seems to
be how ebay does it for example. Once you log-in, it submits to a secure
page.
-Micah
On Sunday 16 January 2005 06:38 pm, Chris Payne wrote:
>
Hi everyone,
I have a security question, I want to see if I am right or wrong. I have
programmed a system with PHP and MySQL, the main system resides on a secure
server, but the client wants the login page on a NON-Secure server for
marketing purposes. Am I the only one who thinks this is a m
From: "Dylan Barber" <[EMAIL PROTECTED]>
I am accessing a database on my site from another site - I am
not the only developer on the other site and there is the potential
for someone to access the database for nefarious purposes from
the other site. Can I somehow protect the password and still hav
I am accessing a database on my site from another site - I am not the only developer
on the other site and there is the potential for someone to access the database for
nefarious purposes from the other site. Can I somehow protect the password and still
have it work?
Or I had thought of this b