DaniWeb IT Discussion Community

went1180 Sep 6th, 2006 6:36 pm
$password= '*****' is this safe?
 
May I ask if it is OK to create a $password variable with my real password as the string? It seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but I've also read that PHP code is not actually viewable by a user...

Barnz Sep 6th, 2006 7:16 pm
Re: $password= '*****' is this safe?
 
Quote:

Originally Posted by went1180 (Post 249986)
May I ask if it is OK to create a $password variable with my real password as the string? It seems like mysql_real_escape_string() won't work because this function only works after the connection is made, but I've also read that PHP code is not actually viewable by a user...

I always wondered this myself.

But I'm not sure, so you could just encrypt it anyway; there are functions in PHP that do this.

cscgal Sep 6th, 2006 7:48 pm
Re: $password= '*****' is this safe?
 
Find the encrypted value of your password string and do $encrypted_password = '**********';

Then, do a check against md5($entered_password) == $encrypted_password. This way, someone who gains FTP access, or another user on your server, won't know what your password is.

went1180 Sep 6th, 2006 9:15 pm
Re: $password= '*****' is this safe?
 
I'm not sure if we're talking about the same thing. I THINK you might be referring to a form where a user logs in with a password, whereas I am trying to write a script which takes $_POST data and enters it into an INSERT query using the username and password in mysql_connect().

[php]
$hostname="blah.blah.net";
$username="blahblahjunior";
$password="blahblahblah";
$dbname="blahbase";
$usertable="blahusers";

$con = mysql_connect($hostname,$username, $password);
[/php]

I.e., is the $password string in the PHP file used to connect to the database ever visible/hackable by an outside user?

p.s. yer cute

cscgal Sep 6th, 2006 9:18 pm
Re: $password= '*****' is this safe?
 
Ah, you're right. I was referring to a password being entered in a form. In such a case, entering the password in plain text is the only alternative I know of, since md5() and sha1() are both one-way encryption algorithms.
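
The concern in this thread is the connection password sitting in a .php file that FTP users or other accounts on the server can read. The following is an added example, not part of any poster's reply: it loads the credentials from an INI file and refuses any file that lies under the web root or is readable by other local users. load_db_config() and the demo paths are hypothetical, the sample values are the thread's placeholders, and mysqli stands in for mysql_connect(), which was removed in PHP 7.

```php
<?php
// Added example, not from the thread. load_db_config() and all paths are hypothetical.
function load_db_config(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // Under the web root the file is one handler misconfiguration away from
    // being served to browsers as plain text.
    if (strpos($real, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('inside the document root');
    }
    // Other accounts on a shared server: reject "other" read/write bits (POSIX).
    if ((fileperms($real) & 0006) !== 0) {
        throw new RuntimeException('readable or writable by other local users');
    }
    $cfg = parse_ini_file($real);
    if ($cfg === false) {
        throw new RuntimeException('unparsable config file');
    }
    foreach (['hostname', 'username', 'password', 'dbname'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("missing key: $key");
        }
    }
    return $cfg;
}

// Constructed demo tree in the temp directory, reusing the thread's placeholder values.
$base = sys_get_temp_dir() . '/dbcfg_demo_' . getmypid();
mkdir("$base/public_html", 0755, true);
mkdir("$base/private", 0700);
$ini = "hostname = \"blah.blah.net\"\nusername = \"blahblahjunior\"\n"
     . "password = \"blahblahblah\"\ndbname = \"blahbase\"\n";
$cases = ["public_html/db.ini" => 0600, "private/open.ini" => 0644, "private/db.ini" => 0600];
foreach ($cases as $rel => $mode) {
    file_put_contents("$base/$rel", $ini);
    chmod("$base/$rel", $mode);
    try {
        $cfg = load_db_config("$base/$rel", "$base/public_html");
        // Real use: new mysqli($cfg['hostname'], $cfg['username'], $cfg['password'], $cfg['dbname']);
        echo "$rel: accepted for user {$cfg['username']}\n";
    } catch (RuntimeException $e) {
        echo "$rel: rejected ({$e->getMessage()})\n";
    }
}
```

Only private/db.ini is accepted; the permission check relies on POSIX mode bits and does not look at group access.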

went1180 Sep 6th, 2006 9:30 pm
Re: $password= '*****' is this safe?
 
My bad, ambiguous post to start with. Thx...

Puckdropper Sep 7th, 2006 1:09 am
Re: $password= '*****' is this safe?
 
I asked the same question several months ago.

Here's the thread:
http://www.daniweb.com/techtalkforums/thread48057.html

Users of Mozilla and Firefox may want to right click and select "Open in new Tab" especially if they're browsing with tabs now.


All times are GMT -4.