PHP DatabasesUsing PHP in conjunction with databases. PHP questions not specific to databases should be directed to one of the other PHP forums.
Welcome to the p2p.wrox.com Forums.
You are currently viewing the PHP Databases section of the Wrox p2p Programmer to Programmer discussion community. This is a community of more than 40,000 computer programmers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining our free Wrox p2p community you can post your own programming questions and respond to other programmers’ questions. Registered users also don't have to see the ads that are displayed to guests. Registration is fast, simple and absolutely free so please, join today!
Join today and post to win prizes! Post more to increase your chances of being Wrox’s top poster of the month.
There are functions in PHP which you can use to encrypt and decrypt strings, such as MCrypt (http://uk.php.net/manual/en/book.mcrypt.php). These can be used so you don't have to put the password in the raw source file.
However, if an attacker gets in to your server and can see the encrypted password in the source file, they can just as (or more) easily see the method in which it is encrypted. It wouldnt take them a minute to decrypt it themselves and have access to the database.
It would be better to spend time ensuring access to the server itself is secure.
Hope this helps
Phil
The Following User Says Thank You to philip_cole For This Useful Post:
mysql_connect password encryption
Linear Mode
