php-windows Digest 9 Dec 2003 08:22:47 -0000 Issue 2033
Topics (messages 22334 through 22341):
Re: md5 password with javascirpt
22334 by: Roy Henderson
22335 by: Herhuth, Ron
ODBC/MSSQL Connect function
22336 by: Harpreet
22337 by: Justin Patrin
Setting Cookie problem
22338 by: Mike Lee
php.ini
22339 by: Hayden Kirk
22340 by: Frank M. Kromann
22341 by: Svensson, B.A.T. (HKG)
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Maybe I'm missing something fairly fundamental, but I don't see how simply
sending an encoded password increases the security for a single site
scenario.
Surely a hacker just has to capture the encoded password and submit that?
( I can understand how it prevents the disclosure of the original plaintext
password which might also be valid at other sites which do not utilise
encoding and so prevents gaining access to several sites. I also understand
how it avoids the need to store plaintext passwords in a validation
database. )
Isn't SSL the only secure transport for any sensitive data?
Waiting to be corrected ...
Regards,
Roy
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 05 December 2003 12:07
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [PHP-WIN] md5 password with javascirpt
Try this site: http://pajhome.org.uk/ for the MD5.js file.
Lots of security tips and tricks.
-----Original Message-----
From: Exiang [mailto:[EMAIL PROTECTED]
Sent: 05 December 2003 08:39
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] md5 password with javascirpt
Hi,
question: how to encode a password in client side with javascipt..
thanx.
regards,
exiang
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
I wondered this too.
We used IIS to limit acess to specific IP block of users, along with
client and even server side encoding but even that can be compromised. I
think any form of security needs to be looked at closely...them there
hackers are a tricky bunch...and they don't share the same deadlines us
application engineers do.
ROn
>From: Roy Henderson
>To: [EMAIL PROTECTED]
>Sent: 12/08/2003 2:49 PM
>Maybe I'm missing something fairly fundamental, but I don't see how
simply
>sending an encoded password increases the security for a single site
>scenario.
>
>Surely a hacker just has to capture the encoded password and submit that?
>
>( I can understand how it prevents the disclosure of the original
plaintext
>password which might also be valid at other sites which do not utilise
>encoding and so prevents gaining access to several sites. I also
understand
>how it avoids the need to store plaintext passwords in a validation
>database. )
>
>Isn't SSL the only secure transport for any sensitive data?
>
>Waiting to be corrected ...
>
>Regards,
>
>Roy
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: 05 December 2003 12:07
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: RE: [PHP-WIN] md5 password with javascirpt
>
>Try this site: http://pajhome.org.uk/ for the MD5.js file.
>
>Lots of security tips and tricks.
>
>-----Original Message-----
>From: Exiang [mailto:[EMAIL PROTECTED]
>Sent: 05 December 2003 08:39
>To: [EMAIL PROTECTED]
>Subject: [PHP-WIN] md5 password with javascirpt
>
>
>Hi,
>question: how to encode a password in client side with javascipt..
>
>thanx.
>
>regards,
>exiang
>
>--
>PHP Windows Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
>--
>PHP Windows Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--- End Message ---
--- Begin Message ---
I use the below function string to connect to the database.
mssql_connect($_SESSION["hostname"],$_SESSION["user"],$_SESSION["password"])
now if i want to connect using the odbc_connect function do i have to
change all my mssql_fetch_array and mssql_query functions too.
Please help
Thanks
Regards,
Harpreet Kaur
--- End Message ---
--- Begin Message ---
Harpreet wrote:
I use the below function string to connect to the database.
mssql_connect($_SESSION["hostname"],$_SESSION["user"],$_SESSION["password"])
now if i want to connect using the odbc_connect function do i have to
change all my mssql_fetch_array and mssql_query functions too.
Please help
Thanks
Regards,
Harpreet Kaur
Yes, that's the way that the database functions work, unfortunately.
However, there is a solution. If you use a database abstraction class,
you can use the same code for many types of databases. One such is
PEAR's DB. (http://pear.php.net/package/DB). You could also use PEAR's
MDB and the ADODB PHP package.
--
paperCrane <Justin Patrin>
--- End Message ---
--- Begin Message ---
Hello,
[Using Apache 2.0.47 with PHP 4.3 with IE.6(allowing
cookies)]
I have made previous php pages so just to confirm that
the configuration for php IS working :)
I created the page(below) from a tutorial for setting
cookies. But the cookie itself doesn't get stored(as I
have debuged in the code)
I have also used a program called
tcpTrace(http://www.pocketsoap.com/tcptrace/) which
outputs the sent/received message (including HTTP
headers) and this doesn't show the 'Cookie:blah=blah'
attribute when accessing the page below either.
Any suggestions/experience on the annoying problem
would be much appreciated!
Cheers,
Mike.
This is code of 'cookies.php':
<?php
if(isset($value))
{
SetCookie("mycookie",$value,time()+3600);
}
?>
<html>
<head>
<title>Cookie test script</title>
</head>
<body>
<?PHP print('mycookie = ' . $mycookie); ?>
<br>
<?php print_r($_COOKIE); ?> // for debug
//nothing appears
<form action="" method="post">
Type value: <input name="value" type="text">
<input name="submit" type="submit">
</form>
</body>
</html>
__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/
--- End Message ---
--- Begin Message ---
Does anyone know why the ASPI module is not reading php.ini under windows
2000 server? its in c:\winnt\php.ini
settings are at www.ixon.co.nz/phpinfo.php
--- End Message ---
--- Begin Message ---
Hi,
The php.ini file ies read on startup. If you make changes to the ini file
after the web server was started, you need to restart the web server to
get the latest ini settings.
- Frank
> Does anyone know why the ASPI module is not reading php.ini under
windows
> 2000 server? its in c:\winnt\php.ini
>
> settings are at www.ixon.co.nz/phpinfo.php
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Even though it might be helpful, I would not recommend to display
your internal server settings in public - its a security risk.
On Tue, 2003-12-09 at 03:46, Hayden Kirk wrote:
> settings are at www.ixon.co.nz/*******
--- End Message ---
