Some php applications store database passwords into files which can be
read by the user www-data.
So, a malicious user which can write php scripts could read those passwords.
What should I do to prevent users from viewing those passwords?

You could encode your file(s) using something like the Zend Encoder. This turns them into byte code IIRC, so it's hard (not totally impossible I think) to get the clear text.

--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and HelpDesk software
that can cut the cost of online support

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to