encrypt php code?

  • CoralineSage

    encrypt php code?

    Hi all, I'm running a message board php app and one of the php files
    stores a username and password. That file is not encrypted, so anyone
    can actually get that username and password if they can get to the
    file...

    I did not develop the php bulletin board and am pretty new to php.

    Does anyone have any suggestions on how I could protect that
    file/information?

    It now sits on a RH 8, Apache2.0.48, PHP 4.3.4

    Thanks in advance for any help.

    Sincerely,
    CoralineSage
  • Savut

    #2
    Re: encrypt php code?

    use crypt() function


    Savut

    "CoralineSage" <FVZYSWBYIPBW@spammotel.com> wrote in message
    news:9d066669.0403030932.7379d8d6@posting.google.com...
    > Hi all, I'm running a message board php app and one of the php files
    > stores a username and password. That file is not encrypted, so anyone
    > can actually get that username and password if they can get to the
    > file...
    >
    > I did not develop the php bulletin board and am pretty new to php.
    >
    > Does anyone have any suggestions on how I could protect that
    > file/information?
    >
    > It now sits on a RH 8, Apache2.0.48, PHP 4.3.4
    >
    > Thanks in advance for any help.
    >
    > Sincerely,
    > CoralineSage


    • Hayden Kirk

      #3
      Re: encrypt php code?

      Store in MySQL?


      "CoralineSage" <FVZYSWBYIPBW@spammotel.com> wrote in message
      news:9d066669.0403030932.7379d8d6@posting.google.com...
      > Hi all, I'm running a message board php app and one of the php files
      > stores a username and password. That file is not encrypted, so anyone
      > can actually get that username and password if they can get to the
      > file...
      >
      > I did not develop the php bulletin board and am pretty new to php.
      >
      > Does anyone have any suggestions on how I could protect that
      > file/information?
      >
      > It now sits on a RH 8, Apache2.0.48, PHP 4.3.4
      >
      > Thanks in advance for any help.
      >
      > Sincerely,
      > CoralineSage



      • Rudolf Horbas

        #4
        Re: encrypt php code?

        CoralineSage wrote:

        > Hi all, I'm running a message board php app and one of the php files
        > stores a username and password. That file is not encrypted, so anyone
        > can actually get that username and password if they can get to the
        > file...
        >
        > (...)
        > Does anyone have any suggestions on how I could protect that
        > file/information?
        >

        Is this file parsed as a php file? What extension does it have?

        Try calling the file via http://path/to/your/file

        If there's no output, you're fine (well, at least rather fine).
        If yes, and the output contains sensitive data:
        * give it a .php extension (check for dependent files)
        or
        * put it below your www-root, so it can't be requested via http.

        Hint:
        If anyone can read the contents of the file via ftp, you have other
        things to worry about than your bulletin password ...

        Rudi
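
The checks suggested in this post (is the file inside the web root, and does it have a parsed extension), together with a local file-permission check, as an added example that is not part of the original thread. The function name, directory names and file contents are hypothetical, and the code assumes PHP 7 or later rather than the PHP 4.3.4 mentioned above.

```php
<?php
// Added example, not from the thread. Function name and paths are hypothetical.

/** List the ways a credentials file is exposed, given the server's document root. */
function audit_credentials_file(string $docRoot, string $file): array
{
    $root = realpath($docRoot);   // resolve symlinks and ".." before comparing
    $path = realpath($file);
    if ($root === false || $path === false) {
        return ['path not found: cannot audit'];
    }
    $findings = [];

    // Compare with a trailing separator so /srv/www-old is not treated as
    // being inside /srv/www.
    $sep = DIRECTORY_SEPARATOR;
    if (strpos($path, rtrim($root, $sep) . $sep) === 0) {
        $findings[] = 'inside the document root: can be requested over HTTP';
        // Only the PHP handler keeps the source out of the response here.
        if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'php') {
            $findings[] = 'not a .php file: likely served as plain text';
        }
    }

    // Other local accounts are a file-permission matter, not an HTTP one.
    $mode = fileperms($path) & 0777;
    if ($mode & 0004) {
        $findings[] = sprintf('world-readable (mode %04o)', $mode);
    }
    return $findings;
}

// Constructed demo layout in a temporary directory.
$base = sys_get_temp_dir() . '/audit_demo_' . getmypid();
mkdir("$base/htdocs", 0755, true);
mkdir("$base/private", 0700, true);
foreach (['htdocs/config.inc' => 0644, 'private/config.php' => 0600] as $rel => $mode) {
    file_put_contents("$base/$rel", "<?php \$db_pass = 'constructed-value';\n");
    chmod("$base/$rel", $mode);
    $result = audit_credentials_file("$base/htdocs", "$base/$rel");
    echo $rel, ': ', $result ? implode('; ', $result) : 'no findings', "\n";
}
```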


        • CoralineSage

          #5
          Re: encrypt php code?

          Rudolf Horbas <rhorbas@gmx.net> wrote in message news:<c25p0e$oq1$1@svr7.m-online.net>...
          > CoralineSage wrote:
          >
          > > Hi all, I'm running a message board php app and one of the php files
          > > stores a username and password. That file is not encrypted, so anyone
          > > can actually get that username and password if they can get to the
          > > file...
          > >
          > > (...)
          > > Does anyone have any suggestions on how I could protect that
          > > file/information?
          > >
          >
          > Is this file parsed as a php file? What extension does it have?
          >
          > Try calling the file via http://path/to/your/file
          >
          > If there's no output, you're fine (well, at least rather fine).
          > If yes, and the output contains sensitive data:
          > * give it a .php extension (check for dependent files)
          > or
          > * put it below your www-root, so it can't be requested via http.
          >
          > Hint:
          > If anyone can read the contents of the file via ftp, you have other
          > things to worry about than your bulletin password ...
          >
          > Rudi

          Hi Rudi, I'm sorry if I wasn't clear or failed to provide sufficient
          info. The file has a php extension already and it's actually called
          indirectly by the bulletin app. If I try to bring it up I see nothing
          but html header info (when I source the page).

          My ftp is closed also, so no problem there. I guess my main concern
          was really that someone would walk up to my computer and browse the
          files there and get the information out of the file...I know I can set
          system passwords and all that stuff, but what I was really looking for
          was to encrypt the file so that someone who had physical access to it
          couldn't read it. I know it's a bit of paranoia, but it isn't my
          paranoia...

          Anyhow, thanks for the info and willingness to help. I really
          appreciate it.

          And thanks Savut and Hayden Kirk for the suggestions. I'm going to
          look into it and see what's my best (read: easiest) option :)

          Sincerely,
          CoralineSage


          • Brandon Blackmoor

            #6
            Re: encrypt php code?

            CoralineSage wrote:
            >
            > I guess my main concern was really that someone would
            > walk up to my computer and browse the files there
            > and get the information out of the file...

            Store an MD5 hash of the password rather than the plaintext password, and
            when someone logs in, compare the MD5 hash of what they have submitted
            with the MD5 hash stored in the user profile.

            That's the simplest thing to do.

            You should also consider storing this information in a database rather
            than a flat file.

            Good luck.

            bblackmoor
            2004-03-10
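
The store-a-hash-and-compare login flow described in this post, as an added example that is not part of the original thread. It swaps in PHP's `password_hash()` and `password_verify()` (a salted, deliberately slow hash) for bare MD5, which is unsalted and fast to brute-force, and it upgrades records already stored as MD5 on the next successful login. The `$users` array, function names and sample passwords are constructed, and the code assumes PHP 7 or later.

```php
<?php
// Added example, not from the thread. $users stands in for the board's
// user table; all names and records are constructed.

/** Stored form of a new password: salted, slow hash, never the plaintext. */
function store_password(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Check a login attempt against the stored hash.
 * Accepts legacy 32-hex-digit MD5 records and upgrades them on success.
 */
function check_login(array &$users, string $name, string $submitted): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;

    // hash_equals() compares in constant time; password_verify() does too.
    $ok = $legacy
        ? hash_equals($stored, md5($submitted))
        : password_verify($submitted, $stored);

    // After a successful login, replace legacy or outdated hashes.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name] = store_password($submitted);
    }
    return $ok;
}

// Constructed sample records: one legacy MD5 entry, one current entry.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => store_password('battery staple'),
];

var_dump(check_login($users, 'alice', 'correct horse')); // legacy MD5 record
var_dump(strlen($users['alice']) === 32);                // is it still MD5-sized?
var_dump(check_login($users, 'alice', 'correct horse')); // upgraded record
var_dump(check_login($users, 'bob', 'wrong guess'));     // wrong password
```

Hashing fits passwords the board verifies at login. A credential the application itself has to present to another service, such as a database password in a config file, cannot be hashed this way and is protected by file location and permissions.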
