php's access to file system

Anon

Hi,

I've written some script to allow validation of a password file. I'd like to use this instead of Apache standard authentication because I think it looks better being incorporated into the form.

The way I've coded it doesn't seem very secure. I refer to the password file on my box using the 'file' function. This means that it could be downloaded somehow (in plain text) even if I place the password file in a Apache password protected directory.

Does anyone know how to make this more secure? I'm not sure whether my way is the same as other peoples form password systems and I'd really like some reassurance if possible 🙂

TIA.

Chris

Anon

you can have it set up out side of you public_html directory. while people on your server can still read it... php does have crypt functions, so encrypting the passwords are a better option( using the pasword as the seed is as secure as you can get it from what i know since you have to know the password to decrypt it)

more or less this is secure enough to have the file on an open directory.

Anon

Thanks - I'm on a win32 version of Apache right now so I wasn't completely sure that leaving the password file outside of the Apache directories would be enough.

I'll also look into crypt too - thanks very much for your help and advice.

Chris