On Tue, November 8, 2005 10:03 pm, David Tulloh wrote:
> Richard Lynch wrote:
>
>>On Fri, November 4, 2005 5:44 pm, Pablo Gosse wrote:
>>
>>
>>>By setting the file readable only by root this problem is completely
>>>eliminated. Unless a hacker has the root password, they will not be
>>>able to com
Richard Lynch wrote:
On Fri, November 4, 2005 5:44 pm, Pablo Gosse wrote:
By setting the file readable only by root this problem is completely
eliminated. Unless a hacker has the root password, they will not be
able to compromise the information in this file.
This is how I understand it, a
Richard Lynch wrote:
> By setting the file readable only by root this problem is
> completely eliminated. Unless a hacker has the root password,
> they will not be able to compromise the information in this
> file.
>
> This is how I understand it, at least. If Chris reads this
> perhaps he can co
On Fri, November 4, 2005 5:44 pm, Pablo Gosse wrote:
> By setting the file readable only by root this problem is completely
> eliminated. Unless a hacker has the root password, they will not be
> able to compromise the information in this file.
>
> This is how I understand it, at least. If Chris
On Fri, November 4, 2005 5:36 pm, bruce wrote:
> pablo...
>
> i fail to see how your suggestion is much more secure than placing the
> user/passwd information in a file that's outside the web access space,
> and
> then including the file.
>
> in either case, the user wouldn't be able to read the in
Ooooh!
We both forgot to warn you:
Be VERY careful with and var_dump($_SERVER) and
similar coding practices.
You're dumping out your username/password in plaintext at that point
with this technique!
TANSTAAFL!
On Fri, November 4, 2005 5:16 pm, Pablo Gosse wrote:
> [snip]
> Some functions ne
On Fri, November 4, 2005 2:36 pm, Bing Du wrote:
> Some functions need you to provide username and password, for instance
> odbc_connect. Even though the username/password just has minimum
> access
> privileges to the resource, putting it there in clear text in a script
> gives
> me heartburn. Ho
priamry point was to stress the file aspect is essentially the same, all
things being equal.
-Original Message-
From: Pablo Gosse [mailto:[EMAIL PROTECTED]
Sent: Friday, November 04, 2005 3:45 PM
To: [EMAIL PROTECTED]; php-general@lists.php.net
Subject: RE: [PHP] protect password?
[snip
[snip]
pablo...
i fail to see how your suggestion is much more secure than placing the
user/passwd information in a file that's outside the web access space,
and then including the file.
in either case, the user wouldn't be able to read the include file.
[/snip]
Greeting, Bruce.
On a dedicated
-
From: Pablo Gosse [mailto:[EMAIL PROTECTED]
Sent: Friday, November 04, 2005 3:16 PM
To: php-general@lists.php.net
Subject: RE: [PHP] protect password?
[snip]
Some functions need you to provide username and password, for instance
odbc_connect. Even though the username/password just has mini
[snip]
Some functions need you to provide username and password, for instance
odbc_connect. Even though the username/password just has minimum access
privileges to the resource, putting it there in clear text in a script
gives
me heartburn. How do people handle username/password in such kind o
Hello,
Some functions need you to provide username and password, for instance
odbc_connect. Even though the username/password just has minimum access
privileges to the resource, putting it there in clear text in a script gives
me heartburn. How do people handle username/password in such kind
12 matches
Mail list logo
