Vaughn Treude wrote:
>Hello all:
>I know there are a lot of PHP gurus on this list, so hopefully it's not too
>off-topic.
>I'm a newbie to PHP and I'm struggling with a login script for my
>organization's website. I'm using an example script I got off the Web
>somewhere. It uses MySQL through the "PEAR" database driver. Here's the
>code snippet for the connection code in db_connect.php:
>
>---------------------------
>
>//require the PEAR::DB classes.
>
>require_once 'DB.php';
>
>
>$db_engine = 'mysql';
>$db_user = 'XXXX';
>$db_pass = 'YYYYYYYY';
>$db_host = 'ieeepacn.com';
>$db_name = 'ZZZZZZZ';
>
>$datasource = $db_engine.'://'.
> $db_user.':'.
> $db_pass.'@'.
> $db_host.'/'.
> $db_name;
>
>
>$db_object = DB::connect($datasource, TRUE);
>
>------------------------
>
>This works, but it occurs to me: how can this thing possibly be secure? The
>password's there in clear text. A person would only need read access to get
>it. And if the PHP file's not globally readable, the login fails. Is there
>some factor here I'm missing such that it's more protected than I think? Or
>is there a better way to approach this?
>
>Thanks!
>Vaughn
>
>
>
1. If the webserver parses PHP not as text, no one will be able to read
the contents of the file from the browser.
2. You can create a user for MySQL that only has rights to the DB and
not login to the server.
3. You can split the variables from the connection string into 2 files.
4. You can encrypt the variables (Like $db_pass = "cGFzc3dvcmQ="; in 1
file and in another file $db_engine = {...base64_decode($db_pass)...;}).
(there are tons of ways to do this)
5. You can obfuscate the entire script (from:
http://richard.fairthorne.is-a-geek.com/utils_obfuscate.php):
<? eval(gzinflate(base64_decode('
VY9NDoIwEEbXkHCHWZBUE1P2+IMheAGjibohpUwE
Iy1QWHh7GaARv676pjPzGh1abPqyxVQricCSmNdF
zbaeS8fPsxTVs1QIe2DVxzRvKhHuDbYEb0Msq4Ux
xO5zLC+06YiXiFgLqbjUla0pUY3DH1OmzX4uOmF0
30qq/Sw4C4OAcc91HAfAagz0j5EGZ8eJwQzJgbOp
GcA+pe2Lv+rshZJUkzgMpVZquK0WMhu4nK+n9dix
i74=
'))); ?>
I use #2 and #3 and make sure only that permission is available from
localhost for production. I sometimes use #5 in situations that I need
to protect myself (the tinkerer that messes with the code then suddenly
calls 'Hey, this doesn't work!').
If anyone wants access to the DB, they'll get it. You just have to make
it not easy.
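Points #2 and #3 above, worked through in code. This is an added example, not code from either poster: the credentials move to a file outside the web server's document root (so even a server that one day serves .php as plain text cannot hand them to a browser), the connecting script refuses to run if that file is world-readable, and the MySQL account it uses is granted only the rights the site needs. The paths, account names and database name are assumptions; the DSN shape and DB::connect() call are the same PEAR::DB usage as in the original snippet.

```php
<?php
// Added example (not from the original thread). Assumed layout (hypothetical paths):
//   /var/www/html/db_connect.php     <- inside the document root (this file)
//   /etc/myapp/db_credentials.php    <- OUTSIDE the document root,
//                                       owned root:www-data, mode 0640
//
// Contents of /etc/myapp/db_credentials.php (constructed sample values):
//   <?php
//   return [
//       'engine' => 'mysql',
//       'user'   => 'webapp',
//       'pass'   => 'REPLACE_WITH_REAL_PASSWORD',
//       'host'   => 'localhost',
//       'name'   => 'orgdb',
//   ];
//
// Point #2, run once by a MySQL administrator (hypothetical names):
//   CREATE USER 'webapp'@'localhost' IDENTIFIED BY 'REPLACE_WITH_REAL_PASSWORD';
//   GRANT SELECT, INSERT, UPDATE ON orgdb.* TO 'webapp'@'localhost';
// The account can only reach the one database, and only from localhost,
// so a leaked password is worth far less than a root or shell password.

require_once 'DB.php'; // PEAR::DB, exactly as in the original post

define('DB_CREDENTIAL_FILE', '/etc/myapp/db_credentials.php'); // assumed path

function load_db_credentials(string $path): array
{
    if (!is_readable($path)) {
        throw new RuntimeException("credential file not readable: $path");
    }
    // Refuse to proceed if the file is world-readable: that is exactly the
    // exposure the original question was worried about.
    $mode = fileperms($path);
    if ($mode === false || ($mode & 0004) !== 0) {
        throw new RuntimeException("credential file $path is world-readable; chmod 640 it");
    }
    $creds = include $path;
    foreach (['engine', 'user', 'pass', 'host', 'name'] as $key) {
        if (!is_array($creds) || empty($creds[$key])) {
            throw new RuntimeException("credential file is missing '$key'");
        }
    }
    return $creds;
}

function build_dsn(array $c): string
{
    // Same PEAR::DB DSN shape as the original snippet. User and password are
    // URL-encoded so an '@' or '/' in the password cannot break the DSN;
    // PEAR::DB's parseDSN() rawurldecodes these two fields.
    return sprintf('%s://%s:%s@%s/%s',
        $c['engine'], rawurlencode($c['user']), rawurlencode($c['pass']),
        $c['host'], $c['name']);
}

$db_object = DB::connect(build_dsn(load_db_credentials(DB_CREDENTIAL_FILE)), TRUE);
if (DB::isError($db_object)) {
    // Log the detail server-side only; the message can contain the host and
    // user name, so never echo it to the browser.
    error_log($db_object->getMessage());
    exit('Database unavailable');
}
```

The split does not make the password unreadable to someone who already has a shell as the web server user; it only removes the two easy failure modes from the question (a browser fetching the file, or a world-readable file on a shared host), which is the "make it not easy" the reply above is describing.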
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss