[RESOLVED] flat file .php file

music_man

I was curious about his thread:

http://cutephp.com/forum/lofiversion/index.php/t3116.html

Is it possible to have a flat file database as a php file? Would that make it mroe secure?

Weedpacket

To answer your questions:
1) Yes.
2) No.

music_man

Do you know how to make a flat file more secure? I have put them in a .htaccess protected directory and I have <b>attempted</b> to implement mcrypt (without success).

I thought if it was in a php file then it would not be able to be accessed via the browser...

drew010

if its in a php file it gets parsed by php, but if there are no <?php ?> tags in there, its output as straight html so itd be just as viewable.
just store them in a file not acccessable from the web, or htaccess protect it with deny from all so the file cant be viewed.
if its storing usernames and passwords, you could do like
username|sha1-hashed-password-here

music_man

Can you decrypt sha1?

If so, could you please give me a URL so that I may learn?

Weedpacket

If you could it would defeat the point of SHA1.

The SHA-1 is called secure because it is computationally infeasible
to find a message which corresponds to a given message digest, or to
find two different messages which produce the same message digest.
Any change to a message in transit will, with very high probability,
result in a different message digest, and the signature will fail to
verify.

Note that that is "infeasible as of late 2001".

music_man

okay. The problem with that is that I have to encrypt/decrypt email addresses to use on a mailing list script.

I have put the data file outside public_html.

drew010

if it is email addresses you are storing, and they are below webroot, id say you are secure enough. if someone does manage to get access to it, then they most likely have access to the majority of your files and could then view the script which uses mcrypt and contains the encryption key. unless you plan to enter the encryption key manually to initiate a mailing, and then again manually to take the newly subscribed email and encrpyt them into the main list.

music_man

Thank you for your help.