Page 1 of 1

Re: Database password encryption

Posted: Fri Nov 23, 2012 3:20 pm
by seandisanti
Some good news and some bad news. The good news is, as long as you're saving that in a file with a .php extension, noone will ever be able to read it from their browser. The bad news is that anyone with access to your source files, say you hire a developer to do some web work for you and you give him full access to your ftp; will have the ability to read any file they want. There are a few ways to obscure your password via obfuscation, but security through obscurity is just fooling yourself anyway. All you can do is control who you give access to, don't re-use passwords, and change passwords when you add or remove users that have access to the relevant files.