How to hide username / password when using FTP functions

If the remote host has ssh access, you could setup key-based
authentication and transfer files over ssh:

http://software.newsforge.com/softwa...5/211214.shtml

You could also store the password (or a key to decrypt the password) in
a file that no one else has access to, or supply the password to the
script each time you connect to the remote site.

livefreeordie wrote:

Hi,

I'm part of a 5-person team that develops websites for our company. I
need to use the ftp_* functions to find some files on another file
server. I need to authenticate to the file server using my username &
password but I don't want to have it right there in the script in plain
text.

Any suggestions?

"livefreeordie" <jp*******@gmail.comwrote in message
news:11*********************@c28g2000cwb.googlegro ups.com...

Hi,

I'm part of a 5-person team that develops websites for our company. I
need to use the ftp_* functions to find some files on another file
server. I need to authenticate to the file server using my username &
password but I don't want to have it right there in the script in plain
text.

Any suggestions?

if you are trying to hide from your team members then best to take input
from a form and feed those to your script
making an include to another file with the passwords etc won't help if the
perople you are hiding this info from have access to the same directories.

livefreeordie wrote:

Hi,

I'm part of a 5-person team that develops websites for our company. I
need to use the ftp_* functions to find some files on another file
server. I need to authenticate to the file server using my username &
password but I don't want to have it right there in the script in plain
text.

Any suggestions?

Encrypt the password and decrypt it just before sending it. Not really
safe; if someone else has access to the encrypted password and the
decrypt code they can easily decrypt it.

Or you could force the user to enter it in a browser.

But there's not a lot you can do to protect passwords when others have
access to the source code, also.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Zebrawszy mysli livefreeordie <jp*******@gmail.comwyklepal:

Any suggestions?

ofc :)

hi, you can store it in plain text, no problem (ofc if some1 has a time he
can broke it but perhaps it will be waste of time)
1. make your own pass for example: $pass = test
2. use js or php function and do that action:

$encryptedPassword = 1;

for($i = 0; $i < strlen($pass); $i++)
$encryptedPassword *= ord($pass[$i]);

3. you will have big nuber (ofc if you will use more then 3 letters in
password :) )
4. put this number into your file and make form - only password of if you
want pass and username too
5. use same function to convert post data to number
6. try to compare stored password with that what you will have from post

OFC you have to make your passord offline and put it like a CONST or other
static variable in your file

have fun :)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ikciu | gg: 718845 | www: www.e-irsa.pl

2be || !2be $this =mysql_query();

Johnny wrote:

"livefreeordie" <jp*******@gmail.comwrote in message
news:11*********************@c28g2000cwb.googlegro ups.com...

Hi,

I'm part of a 5-person team that develops websites for our company. I
need to use the ftp_* functions to find some files on another file
server. I need to authenticate to the file server using my username &
password but I don't want to have it right there in the script in plain
text.

Any suggestions?

if you are trying to hide from your team members then best to take input
from a form and feed those to your script.

Well this is part of a tool that is run by the user community - it just
access files on another server. I really don't want to make each user
enter another username and password - I want to just use my own
credentials.

making an include to another file with the passwords etc won't help if the
perople you are hiding this info from have access to the same directories.

Exactly. I've temporarily solved the problem by making the include
file owned by user 'nobody' - under which the web server runs, and
changing the mods to 600 . I have sudo privs to do this -
unfortunately so do other people on the team - so if they really wanted
to , they could get at my pwd. But I'm not entirely sure they would
know how. ;)

We're moving to a new server where the Apache will run under a
dedicated username. When we do that, I can just use its own username &
password since it's known among our web team anyway.