Right now the key is hard-coded into the PHP script. I am worried that if someone hacks into my server they will have access to the encryption key and can then use it to decode the encrypted data that is on my DB.
Is there any way for me to remove the decryption key from the script itself and make it as inaccessible as possible?
One solution that I was hoping would be possible would be to use a (super)global variable that is put into RAM once the web server is started. That way the key is not lying around anywhere.
Is there any way for me to either make a $_SERVER var for Apache (say in the httpd.conf file, which I could delete after starting the server, or in the source code?) or create my own superglobal for PHP (and then delete the source code)?
Any suggestions are welcomed!
Jean-Christian Imbeault
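
The $_SERVER approach asked about above, sketched as an added example that is not part of the original message. It assumes mod_php with the key injected by Apache's SetEnv directive; the variable name APP_ENC_KEY, the function load_encryption_key() and the 32-byte key length are hypothetical choices made for illustration.

```php
<?php
// Added example. Assumed Apache configuration (mod_env), kept in a file
// readable only by root and included from httpd.conf:
//   SetEnv APP_ENC_KEY "<base64 of 32 random bytes>"
// APP_ENC_KEY and load_encryption_key() are hypothetical names.

function load_encryption_key(array $server): string
{
    $encoded = $server['APP_ENC_KEY'] ?? '';
    if (!is_string($encoded) || $encoded === '') {
        // Fail closed: never fall back to a key embedded in the script.
        throw new RuntimeException('encryption key is not configured');
    }
    $key = base64_decode($encoded, true);   // strict mode rejects non-base64 input
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('encryption key is malformed');
    }
    return $key;
}

// Constructed sample value standing in for what Apache would inject.
// In a real request handler, pass $_SERVER instead.
$sampleServer = ['APP_ENC_KEY' => base64_encode(str_repeat("\x01", 32))];
$key = load_encryption_key($sampleServer);
echo strlen($key), " byte key loaded\n";

// A missing variable is refused rather than silently ignored.
try {
    load_encryption_key([]);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

This keeps the key out of the PHP source, but the value is still visible to any code running inside the web server: phpinfo() prints $_SERVER entries, so such pages must not be reachable. The configuration file holding the SetEnv line also has to remain on disk for the server to come back up after a restart.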