Encrypting PHP file

computerzworld

Hello,
I am having php file which is a configuration file & it contains important data that I dont want to show to any user. How can I encrypt this file? Please help me. Thanks in advance...

etully

First of all, since it's PHP, nobody can read it. If all the PHP file does is set some variables, then it has no output, and people won't be able to see what's in the file.

Second of all, don't put the config file in your web tree. This is why hosting companies give you a directory called "htdocs" or "public_html" (or something similar) to put your web site's files in. If you don't want something to be read, put it above the htdocs directory instead of inside it.

Third of all, if you encrypt it, how will your PHP scripts be able to read it? If you put some sort of decryption tool inside your files... then a hacker could simply take those tools and use them to decrypt the encrypted config file so you've gained nothing. (This is why a basic rule of security is to never store the decryption device with the encrypted data.)

So the correct way to deal with the problem is to store the config file outside your web tree ( your htdocs or public_html directory).

bradgrafelman

etully wrote:
Third of all, if you encrypt it, how will your PHP scripts be able to read it? If you put some sort of decryption tool inside your files... then a hacker could simply take those tools and use them to decrypt the encrypted config file so you've gained nothing.

Well, not exactly. If it was simply a code obfuscator, then sure, those are usually easy to unobfuscate automatically. Something like Zend Encoder, however, would be a bit trickier than that.