Rudolf Horbas <rh*****@gmx.net> wrote in message news:<c2**********@svr7.m-online.net>...
CoralineSage wrote:
Hi all, I'm running a message board php app and one of the php files
stores a username and password. That file is not encrypted, so anyone
can actually get that username and password if they can get to the
file...
(...)
Does anyone have any suggestions on how I could protect that
file/information?
Is this file parsed as a php file? What extension does it have?
Try calling the file via http://path/to/your/file
If there's no output, You're fine (well, at least rather fine).
If Yes, and the output contains sensitive data:
* give it a .php extension (check for dependent files)
or
* put it below Your www-root, so it can't be requested via http.
Hint:
If anyone can read the contents of the file via ftp, You have other
things to worry about than Your bulletin password ...
Rudi
Hi Rudi, I'm sorry if I wasn't clear or failed to provide sufficient
info. The file has a php extension already and it's actually called
indirectly by the bulletin app. If I try to bring it up I see nothing
but html header info (when I source the page).
My ftp is closed also, so no problem there. I guess my main concern
was really that someone would walk up to my computer and browse the
files there and get the information out of the file...I know I can set
system passwords and all that stuff, but what I was really looking for
was to encrypt the file so that someone who had physical access to it
couldn't read it. I know it's a bit of paranoia, but it isn't my
paranoia...
Anyhow, thanks for the info and willingness to help. I really
appreciate it.
And thanks Savut and Hayden Kirk for the suggestions. I'm going to
look into it and see what's my best (read: easiest) option :)
Sincerely,
CoralineSage
Sincerely, CoralineSage
