Lucas Prado Melo wrote:
Hello,
Some php applications store database passwords into files which can be
read by the user www-data.
So, a malicious user which can write php scripts could read those passwords.
What should I do to prevent users from viewing those passwords?
Not too much really.
The webserver needs to be able to read a config file.
You could obfuscate the fields/entries or encrypt them somehow, but it
needs to be a two-way encryption (ie you're going to need to undo the
encryption to be able to use the password).
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
