I am connecting to a mysql database hosted with GoDaddy to display search results, run basic queries etc.
Obviously, this requires providing a password within my PHP code. Should I worry about hiding my password - and if so, how do I go about doing it? With GoDaddy it is not possible to store the php file that includes the password outside the webtree.
Thanks,
hominy
Check out PHP accelerators / encoders, as they will usually convert your code into a non human-readable form. I know that in a previous emloyment, Zend allowed me to then remove the original source from the production server, so that only the encrypted form was available. I don't know if the others support this feature.
Some accelerators:
Zend Encoder ($$$)
PHP Accelerator (Free)
There are others too, see Google
What about using an include file? Does GoDaddy allow you to view .inc the files from a web browser? I know there may be some security issues by doing this. I'm new to PHP myself, and would be interested in knowing how you solve this issue.
Protecting your passwords from people accessing them in a browser is easy. The tougher question is how you hide them from someone who logs into the server.
True, my assumption earlier was that hominy would be the only person logging in.
Do my passwords have to be encrypted in go daddy? I don't want them to encrypt, I want to be able to see the password and use it as it is in the table. Any ideas on how I can do that in Mysql?
Abicus;11028353 wrote:Do my passwords have to be encrypted in go daddy?
Of course not.
Abicus;11028353 wrote:I don't want them to encrypt, I want to be able to see the password and use it as it is in the table.
That is A Very Bad Idea.
Also, this seems to be a different question than the OP had: hominy was asking about how to hide a MySQL password in a PHP script, whereas you seem to be asking about how to store passwords in a database. If you have a new question, you should start a new thread (especially since this thread is almost 8 years old!).
Abicus;11028353 wrote:Any ideas on how I can do that in Mysql?
Sure; just don't encrypt them.
thanks for the quick repsonse, but how do I do it in myphph admin?
...do you mean phpMyAdmin?
Regardless of the method, when you INSERT new records, simply insert them as plain text. Don't encrypt them first.
Again, you should start a new thread to discuss your question.
my apologies. thank you for the advice, it worked beautifully. I am still learning my way around DB.
Abicus;11028353 wrote:I want to be able to see the password and use it as it is in the table.
DO
NOT
DO
THIS